Skip to content

✨ feat(registry): add mTls support#135

Closed
Waler wants to merge 1 commit intoCodesWhat:mainfrom
Waler:feature/registry_mtls_support
Closed

✨ feat(registry): add mTls support#135
Waler wants to merge 1 commit intoCodesWhat:mainfrom
Waler:feature/registry_mtls_support

Conversation

@Waler
Copy link
Contributor

@Waler Waler commented Mar 11, 2026

No description provided.

@vercel
Copy link

vercel bot commented Mar 11, 2026

@ChristophWaldleitner is attempting to deploy a commit to the CodesWhat Team on Vercel.

A member of the Team first needs to authorize it.

@Waler Waler marked this pull request as draft March 11, 2026 12:30
@Waler
Copy link
Contributor Author

Waler commented Mar 11, 2026

The PR is currently targeting the wrong branch. Can you change the target branch of the PR if a new feature branch has been created? Else I will create a new PR with the correct target branch.

@Waler Waler force-pushed the feature/registry_mtls_support branch from 217a611 to 18c64a9 Compare March 11, 2026 13:05
@Waler Waler closed this Mar 11, 2026
@s-b-e-n-s-o-n
Copy link
Contributor

s-b-e-n-s-o-n commented Mar 11, 2026

Hey @Waler — thanks for the contribution! Great feature idea, mTLS support has been requested a few times.

We went ahead and incorporated this into the upcoming rc.12 release with your Co-Authored-By credit. A few things we fixed along the way:

  • Bug: The getHttpsAgent() check used this.configuration?.certfile but the Joi schema defined clientcert — so the mTLS code path would never actually execute. Fixed to check clientcert.
  • Typo: hasMutalTlshasMutualTls
  • Missing Custom registry: Only SelfHostedBasic got the schema update, but Custom (which extends BaseRegistry directly) also needed clientcert/clientkey in its Joi schema.
  • Tests: Added schema validation tests (accept pair, reject one without the other) and httpsAgent integration tests (mTLS only, mTLS + CA combined).

Commit: 074fc4b — you're listed as co-author.

Closing this PR since the changes are merged into release/v1.4.0-rc.12. Thanks again!

@Waler
Copy link
Contributor Author

Waler commented Mar 11, 2026

Hey @s-b-e-n-s-o-n ,
I just saw your comment right before creating a new PR for the feature. I closed it sooner because I opened it by mistake and it was missing tests (and had some easy mistakes as it seems).

I found some of the mistakes myself while implementing the tests and I'm now very excited to see, how you did it.

Thanks for reviewing, fixing and merging the PR :)

s-b-e-n-s-o-n added a commit that referenced this pull request Mar 12, 2026
@s-b-e-n-s-o-n @Waler
✨ feat(registry): add mTLS client certificate support
074fc4b 
Add CLIENTCERT and CLIENTKEY configuration options for self-hosted
registries that require mutual TLS authentication. Both options must
be provided together (enforced by Joi .and() constraint).

Supported registries: artifactory, custom, forgejo, gitea, harbor, nexus.

Based on #135 by @Waler with fixes:
- Fixed config key check (certfile → clientcert)
- Fixed typo (mutal → mutual)
- Added Custom registry schema support (was missing)
- Added full test coverage for mTLS agent and schema validation

Co-Authored-By: Waler <Waler89@googlemail.com>
s-b-e-n-s-o-n added a commit that referenced this pull request Mar 12, 2026
@s-b-e-n-s-o-n @Waler
✨ feat(registry): add mTLS client certificate support
b9b1664 
Add CLIENTCERT and CLIENTKEY configuration options for self-hosted
registries that require mutual TLS authentication. Both options must
be provided together (enforced by Joi .and() constraint).

Supported registries: artifactory, custom, forgejo, gitea, harbor, nexus.

Based on #135 by @Waler with fixes:
- Fixed config key check (certfile → clientcert)
- Fixed typo (mutal → mutual)
- Added Custom registry schema support (was missing)
- Added full test coverage for mTLS agent and schema validation

Co-Authored-By: Waler <Waler89@googlemail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@biggest-littlest biggest-littlest Awaiting requested review from biggest-littlest biggest-littlest is a code owner

@ALARGECOMPANY ALARGECOMPANY Awaiting requested review from ALARGECOMPANY ALARGECOMPANY is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Waler @s-b-e-n-s-o-n