Skip to content

Comments

feat(spartan): (A-535) enable admin API key auth for next-scenario network#20738

Open
danielntmd wants to merge 1 commit intomerge-train/spartanfrom
danielntmd/admin-api-scenario-enable
Open

feat(spartan): (A-535) enable admin API key auth for next-scenario network#20738
danielntmd wants to merge 1 commit intomerge-train/spartanfrom
danielntmd/admin-api-scenario-enable

Conversation

@danielntmd
Copy link
Contributor

@danielntmd danielntmd commented Feb 20, 2026

Generates a fresh random admin API key on each nightly scenario deploy, stores the SHA-256 hash on validator pods via AZTEC_ADMIN_API_KEY_HASH, and makes the raw key available to the test runner via a K8s Secret. The raw key is never logged.

  • deploy_network.sh: generate key + hash with openssl/sha256sum, store raw key as 'aztec-admin-api-key' K8s Secret, pass hash to Terraform
  • variables.tf: add ADMIN_API_KEY_HASH (defaults to , keeping auth disabled for all other environments)
  • main.tf: set validator.node.adminApiKeyHash on all validator releases; empty string is falsy in Helm so other envs keep disableAdminApiKey=true
  • bootstrap.sh: read raw key from K8s Secret before tests run, export as AZTEC_ADMIN_API_KEY
  • config.ts: add AZTEC_ADMIN_API_KEY to test config schema
  • nodes.ts: pass key to createAztecNodeAdminClient as x-api-key header

feat(spartan): enable admin API key auth for next-scenario network
f4e88b0 
Generates a fresh random admin API key on each nightly scenario deploy, stores the SHA-256 hash on validator pods via AZTEC_ADMIN_API_KEY_HASH, and makes the raw key available to the test runner via a K8s Secret. The raw key is never logged.

- deploy_network.sh: generate key + hash with openssl/sha256sum, store raw key as 'aztec-admin-api-key' K8s Secret, pass hash to Terraform
- variables.tf: add ADMIN_API_KEY_HASH (defaults to , keeping auth disabled for all other environments)
- main.tf: set validator.node.adminApiKeyHash on all validator releases; empty string is falsy in Helm so other envs keep disableAdminApiKey=true
- bootstrap.sh: read raw key from K8s Secret before tests run, export as AZTEC_ADMIN_API_KEY
- config.ts: add AZTEC_ADMIN_API_KEY to test config schema
- nodes.ts: pass key to createAztecNodeAdminClient as x-api-key header
@danielntmd danielntmd added ci-network-scenario Run network scenario tests using an image built from this PR and removed ci-network-scenario Run network scenario tests using an image built from this PR labels Feb 20, 2026
@AztecBot AztecBot removed the ci-network-scenario Run network scenario tests using an image built from this PR label Feb 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danielntmd @AztecBot