Skip to content

Rename encryption client config.strategy to authStrategy; document auth + keysets #563

Description

@coderdan

Summary

Rename the encryption client's auth strategy field from strategy to authStrategy to make its purpose clear, and document the client's authentication and keyset model properly in the Encryption() TypeDoc.

Scope

  • Rename (backwards compatible): ClientConfig.authStrategy becomes the documented field; ClientConfig.strategy is retained as a @deprecated alias that still works but logs a one-time runtime deprecation warning. authStrategy wins when both are set.
  • TypeDoc rewrite for Encryption():
    • Default auto strategy (env vars → local dev profile, which also supplies the client key).
    • npx stash auth login for local development.
    • The four CS_* env vars for production/CI (table + dashboard link).
    • Custom strategies via authStrategyAccessKeyStrategy and OidcFederationStrategy.
    • Lock context as an identity-bound capability on top of OidcFederationStrategy.
    • Keysets for multi-tenant isolation (one client per tenant).
  • Tests for the authStrategy field, the deprecated strategy alias (forwarding + warning), and precedence.

Resolved by

#562

Related follow-ups

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions