-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Webhook action - add support for headers as secrets #56874
Comments
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
kibana/x-pack/plugins/actions/server/builtin_action_types/webhook.ts Lines 26 to 32 in 950ddf8
While we can easily add a new It seems like it could be possibly confusing to have it in both (eg, two "headers" editors in a create UI). We'd also need to document the priority. |
Good point @pmuellr! Aside from a bit of rework I don't think there are any drawback to moving from config to secrets? |
There is the downside that headers would then be hidden from the user in the UX so they can't actually verify that the field they have set has been saved. It would make debugging a misbehaving connector very hard. We should probably wait on doing this until we address this issue:#78704 |
Moving from |
Describe the feature:
The webhook action supports
user
andpassword
secrets which are used to create a Basic authentication header. But there is often other header information we'd like to encrypt:Bearer
scheme for token based authentication.Proxy-Authorization
headerWhile these can be set as headers today, they are not treated as secrets (not encrypted).
Describe a specific use case for the feature:
I may want to use a webhook to call an Elasticsearch API in a different cluster, using an API key.
according to the docs:
Having secret headers would allow creating a lightweight external Elasticsearch connector using an API key.
The text was updated successfully, but these errors were encountered: