[FEAT]: Support hot-swapping of webhook secrets #261
Labels
Status: Stale
Used by stalebot to clean house
Status: Up for grabs
Issues that are ready to be worked on by anyone
Type: Feature
New feature or request
Describe the need
In my GitHub app, I have a couple different situations in which I'd like to support changing the webhook secret without restarting my service:
Initial configuration
Instances of my app are deployed via the GitHub App flow, where I create a new GitHub App from a manifest. When I first deploy a new instance of my service, it hasn't been registered as a GitHub app yet, so I don't yet know its webhook secret. Therefore, it should not accept any webhooks yet. Once the app registration is complete, though, I obtain the webhook secret for the new app, and I'd like to start accepting webhooks validated against that secret.
Secret rotation
I'd like to rotate my webhook secret periodically, or at least allow for a situation where my secret has been compromised and I need to manually change it. With the current code, I'd have to at least restart every service instance in my cluster just to update the secret. In addition, there could be webhooks already in flight for the old key, and I'd like to have a short period where I accept webhook requests that are signed with either the old or the new secret.
I'll open an initial PR shortly. As a bonus, I'll take care of existing issue #24, since I have to make changes to the validation code anyway.
SDK Version
No response
API Version
No response
Relevant log output
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: