Summary
/admin/keys/rotate and /admin/keys/deactivate are always routed. The enforce_basic_auth gate only triggers for paths that match a configured handlers[].path regex. The default config (^/secure) does not cover /admin/*. An operator who doesn't add an explicit admin handler has publicly-accessible key rotation/deletion endpoints.
Refs
crates/fastly/src/main.rs lines 97-98 — admin route matchingcrates/common/src/auth.rs line 10 — enforce_basic_auth checks handlers listcrates/common/src/settings.rs line 381 — handlers parsingtrusted-server.toml line 1 — default handler only covers ^/secure
Recommendation
Either hard-require auth for /admin/* paths regardless of handler config, or validate at startup that an admin handler exists.
Context
Production readiness audit — see #396
Summary
/admin/keys/rotateand/admin/keys/deactivateare always routed. Theenforce_basic_authgate only triggers for paths that match a configuredhandlers[].pathregex. The default config (^/secure) does not cover/admin/*. An operator who doesn't add an explicit admin handler has publicly-accessible key rotation/deletion endpoints.Refs
crates/fastly/src/main.rslines 97-98 — admin route matchingcrates/common/src/auth.rsline 10 —enforce_basic_authcheckshandlerslistcrates/common/src/settings.rsline 381 —handlersparsingtrusted-server.tomlline 1 — default handler only covers^/secureRecommendation
Either hard-require auth for
/admin/*paths regardless of handler config, or validate at startup that an admin handler exists.Context
Production readiness audit — see #396