Support new API_TOKEN format

Allows configuration the new API_TOKEN_PEPPERS setting from an ENV variable or secret file. Feature request: https://github.com/netbox-community/netbox/issues/20210 Pull request: https://github.com/netbox-community/netbox/pull/20477
2025-11-18 11:20:54 +03:00 · 2025-10-08 08:12:59 +02:00
parent f07c9d533d
commit 1f0ef020a9
4 changed files with 12 additions and 1 deletions
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -36,12 +36,13 @@ jobs:
          SUPPRESS_POSSUM: true
          LINTER_RULES_PATH: /
          VALIDATE_ALL_CODEBASE: false
+          VALIDATE_BIOME_FORMAT: false
          VALIDATE_CHECKOV: false
          VALIDATE_DOCKERFILE: false
+          VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
          VALIDATE_GITLEAKS: false
          VALIDATE_JSCPD: false
          VALIDATE_TRIVY: false
-          VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
          FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
          EDITORCONFIG_FILE_NAME: .editorconfig-checker.json
          DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@@ -116,6 +116,11 @@ REDIS = {
 # https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
 SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', ''))

+API_TOKEN_PEPPERS = {}
+if api_token_pepper := _read_secret('api_token_pepper_1', environ.get('API_TOKEN_PEPPER_1', '')):
+    API_TOKEN_PEPPERS.update({1: api_token_pepper})
+
+

 #########################
 #                       #
--- a/env/netbox.env
+++ b/env/netbox.env
@@ -1,3 +1,4 @@
+API_TOKEN_PEPPER_1=Qy+F=OTeGskWQ(wTMgjc+NPPlz6YwFXY=KHIIg=wpYXT&e(6u8
 CORS_ORIGIN_ALLOW_ALL=True
 DB_HOST=postgres
 DB_NAME=netbox
--- a/test-configuration/test_config.py
+++ b/test-configuration/test_config.py
@@ -10,3 +10,7 @@ PLUGINS = [
 ALLOW_TOKEN_RETRIEVAL = True

 DEFAULT_PERMISSIONS = {}
+
+API_TOKEN_PEPPERS = {
+    1: 'TEST-VALUE-DO-NOT-USE-TEST-VALUE-DO-NOT-USE-TEST-VALUE-DO-NOT-USE',
+}