arcodange/dance-lessons-coach
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

🧪 test(bdd): admin metadata endpoint security property — no secret leak (#52)
All checks were successful
CI/CD Pipeline / Build Docker Cache (push) Successful in 11s
Details
CI/CD Pipeline / CI Pipeline (push) Successful in 3m41s
Details
CI/CD Pipeline / Trigger Docker Push (push) Successful in 5s
Details

Browse Source 
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
This commit was merged in pull request #52.
This commit is contained in:
Gabriel Radureau
2026-05-05 09:56:17 +02:00
committed by arcodange
parent f71495b6fc
commit e9d61a7fb0
3 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
features/jwt/jwt_secret_retention.feature
View File

@@ -40,6 +40,16 @@ Feature: JWT Secret Retention Policy
Then the primary secret should not be removed
And the primary secret should remain active
@critical @admin-introspection
Scenario: Admin metadata endpoint exposes structure without leaking secret values
Given a primary JWT secret exists
And I add a secondary JWT secret "test-secret-do-not-leak-please-12345"
When I request the JWT secrets metadata endpoint
Then the status code should be 200
And the metadata should contain 2 secrets
And the metadata should NOT contain the secret value "test-secret-do-not-leak-please-12345"
And every secret in the metadata should have a SHA-256 fingerprint
@todo
Scenario: Multiple secrets with different ages
Given I have 3 JWT secrets of different ages