Skip to content

Use JWTs with sync-cli #434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
michael-richey merged 4 commits into from
Jan 13, 2026
Merged

Use JWTs with sync-cli #434

michael-richey merged 4 commits into from
Jan 13, 2026

Conversation

@michael-richey
Copy link
Collaborator

@michael-richey michael-richey commented Jan 12, 2026

What does this PR do?

Allows forwarding JWTs.

Description of the Change

This allows for using JWTs instead of app/api keys.

@michael-richey michael-richey marked this pull request as ready for review January 13, 2026 15:19
@michael-richey michael-richey requested a review from a team as a code owner January 13, 2026 15:19
heyronhay
heyronhay previously approved these changes Jan 13, 2026
View reviewed changes
Copy link
Collaborator

@heyronhay heyronhay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, one suggestion in the comments, but also, we don't log the JWT token anywhere, do we? To prevent it from exposed. I guess this applies to API/APP keys as well.

datadog_sync/utils/configuration.py

destination_auth = {}
if k := kwargs.get("destination_api_key"):
# JWT takes precedence over API keys
Copy link
Collaborator

@heyronhay heyronhay Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we output a message somewhere if JWT and API keys are specified that the JWT overrides it?

Copy link
Collaborator Author

@michael-richey michael-richey Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea, added on lines 147-152.

heyronhay
heyronhay reviewed Jan 13, 2026
View reviewed changes
datadog_sync/utils/configuration.py Outdated
if (kwargs.get("source_jwt") and kwargs.get("source_api_key")) or (
kwargs.get("destination_jwt") and kwargs.get("destination_api_key")
):
logger.warning("Both a JWT and an API key were found.")
Copy link
Collaborator

@heyronhay heyronhay Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Both a JWT and an API key were found." -> "Both a JWT and an API key were found, JWT will take precedence" or something like that

Copy link
Collaborator Author

@michael-richey michael-richey Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops yeah they need to know what is going on, updated

@michael-richey michael-richey merged commit 4e3a227 into main Jan 13, 2026
11 checks passed
@michael-richey michael-richey deleted the michael.richey/use-jwts branch January 13, 2026 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@heyronhay heyronhay heyronhay approved these changes

Assignees

No one assigned

Labels

changelog/Added

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@michael-richey @heyronhay