Skip to content

Improve local development credential documentation #402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
miparnisari merged 3 commits into from
Dec 10, 2025
Merged

Improve local development credential documentation #402

miparnisari merged 3 commits into from
Dec 10, 2025

Conversation

@ivanauth
Copy link
Contributor

@ivanauth ivanauth commented Oct 23, 2025

Addresses #350 by clarifying when to use INSECURE_PLAINTEXT_CREDENTIALS vs INSECURE_LOCALHOST_ALLOWED for local development scenarios.

Changes

  • Added Local Development section to client-libraries.mdx with insecure credential options for all supported languages
  • Added callout in protecting-a-blog.mdx explaining insecure credentials for all client libraries
  • Updated Node.js code example comment for clarity

Context

Teams using Orbstack or Docker with non-localhost hostnames (e.g., *.orb.local) were confused about which security setting to use. This makes it clear that insecure plaintext credentials work for all local development scenarios including localhost, Docker, Orbstack, and other non-TLS setups.

Fixes #350

@vercel
Copy link
Contributor

vercel bot commented Oct 23, 2025

@ivanauth is attempting to deploy a commit to the authzed Team on Vercel.

A member of the Team first needs to authorize it.

@ivanauth ivanauth force-pushed the fix/clarify-insecure-credentials-docs branch 3 times, most recently from fa43b84 to 67e90b9 Compare December 2, 2025 04:29
@ivanauth
Clarify local development security settings for insecure credentials
5780910 
Fix Node.js credential constant to include the correct v1.ClientSecurity.
namespace prefix matching the @authzed/authzed-node client library API.
Update documentation to be more precise about local development scenarios.
@ivanauth ivanauth force-pushed the fix/clarify-insecure-credentials-docs branch from 67e90b9 to 5780910 Compare December 2, 2025 05:36
@miparnisari miparnisari force-pushed the fix/clarify-insecure-credentials-docs branch from 4071db3 to 1b9626a Compare December 9, 2025 23:52
@miparnisari miparnisari enabled auto-merge (squash) December 9, 2025 23:52
@vercel
Copy link
Contributor

vercel bot commented Dec 9, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
docs Ready Ready Preview Comment Dec 10, 2025 0:00am

@miparnisari miparnisari merged commit 0b27c64 into authzed:main Dec 10, 2025
7 of 8 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Dec 10, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@miparnisari miparnisari miparnisari approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Make it clearer that INSECURE_PLAINTEXT_CREDENTIALS should be used for local development

2 participants

@ivanauth @miparnisari