Use header authentication for the Santa agent

- The enrollment secret must be present as `Bearer` token in the `Zentral-Authorization` header. - The existing URLs are deprecated and will be removed in the near future.
zentralopensource · Apr 17, 2024 · f71e1c6 · f71e1c6
1 parent 2f2492e
commit f71e1c6
Show file tree

Hide file tree

Showing 6 changed files with 169 additions and 97 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -50,6 +50,8 @@ Support for the Munki `default_installs` key.
 
 Support for the [Santa Signing ID rules](https://santa.dev/concepts/rules.html#signing-id-rules).
 
+Support for the `SyncExtraHeaders` configuration key and implementation of the authentication via `Zentral-Authorization` header.
+
 #### Inventory
 
 Jamf extensions attribute to principal user mapping.
@@ -70,6 +72,10 @@ New `zentral.core.stores.backends.panther` store backend for [Panther](https://p
 
 ### Backward incompatibilities
 
+#### 🧨 Santa agent authentication
+
+The Santa agent is now authenticated with an extra `Zentral-Authorization` header that must contain the enrollment secret. The older endpoints are still active, but they are deprecated and will be removed in the near future.
+
 #### 🧨 dependency on Redis
 
 Redis is now required. It can be used as cache and background task backend, and replaces Memcached.