boundary
boundary copied to clipboard
hashicorp
Feature: traffic shaping
Is your feature request related to a problem? Please describe. We would like to inject HTTP headers in proxied HTTP traffic to identify the client with a predefined unique identifier. e.g. based on the client profile and additional metadata, insertion of x amount of headers.
Describe the solution you'd like Be able to write plugins/scripts which shape the traffic flow, comparable to ICAP.
Thanks for this feature request @hazcod - I'm going to work with our product manager on this one and will get back to you shortly.
Thanks for the interest and suggestion @hazcod. We will add this to our backlog. Just to disambiguate - I am guessing you would you want this for both https traffic and http, not only http? While both clearly are useful, https header injection would be a more involved implementation given the need to decrypt https traffic on workers.
While being on the backlog doesn't commit a specific timeline, I'll keep this issue open for the community to upvote if there's additional interest. The more upvotes, the higher priority :)
I'm also interested in this. I would definitely see a scenario where
- the target HTTP service uses JWT to authenticate users
- those JWT are generated by Vault with short lifetimes
- Boundary injects a JWT got from Vault in the
AuthorizationHTTP header
This would help using dynamic, short-lived secrets in my org. Vault already solves that with the agent/CSI plugin in production apps, but we don't have a user-friendly way to do that for users/local environments
