Skip to content

feat(controlplane): print user/org ids and optionally mint an api key on bootstrap#2712

Merged
mekilis merged 1 commit into
mainfrom
pde-887-bootstrap-headless-seed
Jul 10, 2026
Merged

feat(controlplane): print user/org ids and optionally mint an api key on bootstrap#2712
mekilis merged 1 commit into
mainfrom
pde-887-bootstrap-headless-seed

Conversation

@mekilis

@mekilis mekilis commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • convoy bootstrap now always prints user_id and organisation_id in both json and human output.
  • Adds an opt-in --with-api-key flag that mints a personal API key for the bootstrapped user and prints it, so an instance can be seeded fully via the CLI and API with no login step and no dashboard.
  • --api-key-name (default bootstrap-key) and --api-key-expiration (days) tune the key. An explicit expiration must be positive; unset (0) inherits the key service default (24h).

Behavior and safety

  • Flag validation runs up front, before any license check or record creation, so a bad flag combination fails fast and cannot leave a half-seeded user/organisation. --api-key-name / --api-key-expiration require --with-api-key.
  • The minted key is a durable org-admin credential, printed to stdout only, never logged. It is revocable via the returned api_key_id.
  • Failure policy: if key minting fails after the user and organisation are already persisted, the user credentials are still emitted, then the command returns a non-zero exit. This avoids stranding an admin account whose generated password would otherwise be lost (a rerun exits on duplicate email without re-minting).

Sample

convoy bootstrap --email you@example.com --with-api-key --api-key-expiration 90 --format json
{
    "email": "you@example.com",
    "password": "...",
    "user_id": "01J...",
    "organisation_id": "01J...",
    "api_key": "CO....",
    "api_key_id": "01J...",
    "api_key_expires_at": "2026-10-08T07:24:00Z"
}

Test plan

  • go test ./cmd/bootstrap/... (flag validation: bad format, missing email, key flags without --with-api-key, zero/negative explicit expiration)
  • gofmt / go vet / golangci-lint clean on cmd/bootstrap/...
  • Manual: run against a local instance, then use the printed api_key to create a project with no login

Note

Medium Risk
Creates durable org-admin API keys and prints them to stdout during instance seeding; behavior is opt-in but touches credential issuance and bootstrap failure paths.

Overview
convoy bootstrap now prints user_id and organisation_id in both json and human output, and can optionally mint a personal API key so a fresh instance can be wired up via the API without logging in.

Output is centralized in printBootstrapOutput, which is the only path that writes secrets (password and API key) to stdout—not the logger. New flags: --with-api-key, --api-key-name (default bootstrap-key), and --api-key-expiration (days; 0 defers to the key service’s 24h default). API-key-related flags are validated before license checks or DB writes; --api-key-name / --api-key-expiration require --with-api-key, and an explicitly set expiration must be > 0.

If key minting fails after the user and org already exist, the command still prints the user credentials, then exits non-zero so the admin password is not lost. Flag validation is covered by new tests in bootstrap_test.go.

Reviewed by Cursor Bugbot for commit 887d81d. Bugbot is set up for automated code reviews on this repo. Configure here.

… on bootstrap

add user_id and organisation_id to the bootstrap output, and an opt-in
--with-api-key flag (with --api-key-name and positive-only
--api-key-expiration in days) that mints a personal api key so an instance
can be seeded fully via cli and api with no login step.

flag validation runs before any license check or record creation. the
minted key is printed to stdout only, never logged. if key minting fails
after the user and organisation are already created, the credentials are
still emitted before returning a non-zero exit so the account is not
stranded.
@linear

linear Bot commented Jul 10, 2026

Copy link
Copy Markdown

PDE-887

Comment thread cmd/bootstrap/bootstrap.go Dismissed
Comment thread cmd/bootstrap/bootstrap.go Dismissed
Comment thread cmd/bootstrap/bootstrap.go Dismissed
Comment thread cmd/bootstrap/bootstrap.go Dismissed
Comment thread cmd/bootstrap/bootstrap.go Dismissed
Comment thread cmd/bootstrap/bootstrap.go
@mekilis mekilis merged commit 8b371ce into main Jul 10, 2026
34 checks passed
@mekilis mekilis deleted the pde-887-bootstrap-headless-seed branch July 10, 2026 08:06
mekilis added a commit that referenced this pull request Jul 10, 2026
bump VERSION to v26.6.3 and add the changelog section for the commits
since v26.6.2 (#2709, #2710, #2712).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants