Platform: Validate shared token for all queries
Problem to solve
Although the gRPC service is internal-only (communicating within the Monolith infrastructure), we still need a level of authentication. Following a similar approach to Gitaly, we should create a shared ENV token which the gRPC service will use to authenticate requests.
See how Gitaly does this.
Technical considerations
As per the design document, we must consider:
- We may want to use Bearer-style authentication headers for simplicity.
- We will be recording gRPC request metrics.
- Requests sent without a token should return 401 UNAUTHENTICATED.
- Token rotation will be handled in Infra: Add a runbook for how to rotate query AP... (#30).
Edited by Robert Hunt
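The check described in the technical considerations above, as an added example that is not part of the issue or the project's code. The environment variable name QUERY_SERVICE_AUTH_TOKEN, the function names and the in-process counter standing in for gRPC request metrics are assumptions; in a real service this logic would run in a server interceptor over the request metadata.

```python
import hmac
import os
from collections import Counter

OK = "OK"
UNAUTHENTICATED = "UNAUTHENTICATED"  # gRPC status 16, the issue's "401 UNAUTHENTICATED"

# Hypothetical name: the issue only says "a shared ENV token".
TOKEN_ENV_VAR = "QUERY_SERVICE_AUTH_TOKEN"

auth_metrics = Counter()  # stand-in for the gRPC request metrics


def load_shared_token(env=os.environ):
    """Read the shared token; fail closed if it is unset or empty."""
    token = env.get(TOKEN_ENV_VAR, "")
    if not token:
        raise RuntimeError(f"{TOKEN_ENV_VAR} is not set; refusing to serve")
    return token


def _deny(reason):
    # Count the reason as a metric label; never record the presented token.
    auth_metrics[reason] += 1
    return UNAUTHENTICATED, reason


def check_request(metadata, shared_token):
    """Return (status, reason) for one request's (key, value) metadata pairs."""
    values = [v for k, v in metadata if k.lower() == "authorization"]
    if not values:
        return _deny("missing_token")
    if len(values) > 1:
        return _deny("duplicate_header")
    scheme, _, presented = values[0].partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return _deny("malformed_header")
    # Constant-time comparison so response timing does not leak a token prefix.
    if not hmac.compare_digest(presented.encode(), shared_token.encode()):
        return _deny("bad_token")
    auth_metrics["ok"] += 1
    return OK, "ok"


if __name__ == "__main__":
    token = load_shared_token({TOKEN_ENV_VAR: "constructed-sample-token"})
    for md in ([], [("authorization", "Bearer wrong")],
               [("authorization", "Bearer constructed-sample-token")]):
        print(check_request(md, token))
    print(dict(auth_metrics))
```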