Skip to content

feat: configurable webhook signing secret template#792

Merged
alexluong merged 4 commits intomainfrom
feat/signing-secret-template
Mar 25, 2026
Merged

feat: configurable webhook signing secret template#792
alexluong merged 4 commits intomainfrom
feat/signing-secret-template

Conversation

@alexluong
Copy link
Copy Markdown
Collaborator

@alexluong alexluong commented Mar 24, 2026

Summary

  • Add signing_secret_template config option for webhook destinations, allowing operators to customize auto-generated signing secret format (e.g., whsec_{{.RandomHex}} for Stripe-style prefixed secrets)
  • Template variables: {{.RandomHex}} (64-char hex, default), {{.RandomBase64}}, {{.RandomAlphanumeric}}
  • Invalid template syntax causes startup failure (fail-fast), unlike signature templates which silently fallback

Closes #543

Test plan

  • Invalid template syntax → New() returns error
  • Valid templates (empty/default, prefix, base64, alphanumeric, sprig functions) parse OK
  • Default template produces backward-compatible 64-char hex secret
  • Prefix template (whsec_{{.RandomHex}}) works for initial creation and rotation
  • E2E: template-generated secret produces valid HMAC signatures
  • Static template (no variables) produces identical secrets
  • Undefined variable ({{.Foo}}) fails at execution time during Preprocess
  • All existing destwebhook tests pass

🤖 Generated with Claude Code

@alexluong @claude
feat: add configurable signing secret template for webhooks
36dbcf4 
Allow operators to customize the format of auto-generated webhook
signing secrets via a Go template (e.g., `whsec_{{.RandomHex}}`).
Template is validated at startup — invalid syntax crashes early.

Closes #543

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel bot commented Mar 24, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
outpost-docs Ready Ready Preview, Comment Mar 24, 2026 7:12pm
outpost-website Ready Ready Preview, Comment Mar 24, 2026 7:12pm

Request Review

alexluong
alexluong commented Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator Author

@alexluong alexluong left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

N/A

@alexluong @claude
chore: update dev config defaults
3fe2068 
Sync .outpost.yaml.dev with improved defaults: deployment_id, portal
settings, trailing underscore ID prefixes, and whsec_ signing secret
template.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alexluong @claude
fix: propagate error from randomAlphanumeric
bf2e73e 
rand.Int error was silently discarded, which would cause a nil pointer
panic if rand.Reader failed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alexluong alexluong merged commit e1f4a3a into main Mar 25, 2026
5 checks passed
@alexluong alexluong deleted the feat/signing-secret-template branch March 25, 2026 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexbouchardd alexbouchardd alexbouchardd approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

destwebhook signing secret template

2 participants

@alexluong @alexbouchardd