fix(egress): require enforced credential destinations#1136
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a5cbcc7faf
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Breaking Change concern: mandatory defaultAction: deny
Security hardening direction makes sense, but forcing defaultAction: deny as a hard constraint is a breaking change that's difficult to accept.
Issues
-
All existing integrations break — every user currently running Credential Vault with
defaultAction: allowgets a 400 on upgrade. The E2E fixture churn (all 6 SDKs touched) shows the blast radius. -
defaultAction: denyputs heavy burden on callers — users must enumerate every destination host, including credential-bound targets AND their IP addresses (the newtargetIprules in E2E are a direct example). Maintaining a complete allowlist is expensive for sandboxes that talk to multiple services.
Suggestion
- Make
defaultAction: denyrecommended — guide users with docs and warning logs, don't hard-reject - If the security model truly requires deny-default, use a deprecation cycle: warn → reject
…l-egress-binding # Conflicts: # components/egress/credential_vault_handler_test.go
Summary
dns+nftenforcement so credential-bound destinations cannot bypass network policy through direct IP connections.defaultAction: allowbackward compatible, but emit security warnings and recommenddefaultAction: deny.Testing
Validation performed:
components/egress:go test ./...Full E2E was not run because it requires a matching OpenSandbox server and Credential Vault target environment.
Breaking Changes
Credential Proxy now requires an explicit network policy and
dns+nftenforcement. Existing deployments using DNS-only enforcement must migrate to:defaultAction: allowremains accepted for backward compatibility, but is deprecated for Credential Vault usage and emits a security warning.defaultAction: denywith explicit destination allow rules is recommended.Checklist