Granular secrets #351
Granular secrets #351
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| cachedAuthToken || authToken, | ||
| model, | ||
| orgName, | ||
| projectId, |
There was a problem hiding this comment.
The new PROJECT_ID_HEADER is parsed and passed to getApiSecrets here, but none of the existing implementations (e.g., lookupApiSecret in apis/node/src/login.ts) use the fifth argument or include project_id in the /api/secret POST. When a caller sends x-bt-project-id expecting project-scoped credentials, the proxy still fetches and caches org-level secrets keyed only by token/model, so a secret from one project can be reused for another and the project-level secret selection never takes effect.
Useful? React with 👍 / 👎.
Support specifying secrets at the project level