Skip to content

docs: document app secret rotation and recovery#2359

Draft
Ghaith (Gaitholabi) wants to merge 1 commit into
mainfrom
docs/app-system-secrets-recovery
Draft

docs: document app secret rotation and recovery#2359
Ghaith (Gaitholabi) wants to merge 1 commit into
mainfrom
docs/app-system-secrets-recovery

Conversation

@Gaitholabi

Copy link
Copy Markdown
Contributor

Summary

Documents the app secret rotation and recovery feature:

  • New guideApp Secret Rotation & Recovery (guides/plugins/apps/lifecycle/app-secret-recovery.md): the app:secret:rotate and app:secret:recover commands, the unconfirmed_app_secrets state model, the deleted_apps uninstall/reinstall interaction, when to fall back to app:shop-id:change, limits, and observability.
  • Command reference — adds app:secret:rotate, app:secret:recover, and app:shop-id:change (with the deprecated app:url-change:resolve alias).
  • App Registration & Backend Setup — points shop-id resolution at app:shop-id:change (was the deprecated app:url-change:resolve) and cross-links the new guide.
  • Signing & Verification — documents validating the re-registration dual signature.

Related links

Checklist

  • I reviewed affected links, code samples, and cross-references, including PageRef references where relevant.
  • I added or updated redirects in .gitbook.yaml if pages were moved, renamed, or deleted. (N/A — one new page, three edited; nothing moved or renamed.)
  • I updated .wordlist.txt (and sorted it) if spellcheck flags new legitimate terms. (No update needed — the example app MyApp and OpenTelemetry are already in the wordlist.)
  • Any required dependent changes in downstream modules have already been merged and published. (Blocked on feat(app): make app secret rotation atomic and operator-recoverable shopware#17748.)
  • This pull request is ready for review. (Draft until the feature PR merges and the docs CI spellcheck/markdownlint pass.)

Notes

The repo's make spellcheck-local / make fix were not run locally (the tooling needs the docs Docker/pnpm setup; macOS has no timeout). Content was checked by hand: internal links resolve, callouts are balanced, the language guide is respected (no slash conjunctions, no emoji in tables), and new terms are wordlist-accepted or dictionary words. Please let the docs CI confirm spellcheck and markdownlint.

Adds an operator guide for the app:secret:rotate and app:secret:recover commands and the unconfirmed-secret state model, and folds the rest of the feature into the existing app docs:

- command reference: add app:secret:rotate, app:secret:recover, and app:shop-id:change (with the deprecated app:url-change:resolve alias)
- app-registration-setup: point shop-id resolution at app:shop-id:change
- app-signature-verification: document validating the re-registration dual signature
@shopware-dev-docs-connector

shopware-dev-docs-connector Bot commented Jun 30, 2026

Copy link
Copy Markdown

Developer Docs healthcheck

Status: Completed with success.
Repository: shopware/docs
Commit: 743f8ff
Preview: https://developer-documentation-m3co13h6p-shopware-frontends.vercel.app
Workflow run: #4314

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant