The GitHub, GitLab, and Bitbucket interceptors skip all signature verification when secretRef is not set in interceptor params. The interceptor silently accepts every request as authentic, so anyone who can reach the EventListener endpoint can post a forged payload and fire the trigger. This is by design (to support testing and internal-only use cases), but the silent behavior is a configuration footgun.
Users who omit secretRef — for example by copying a manifest without the auth parameters — get no indication that their interceptor is running without webhook authentication.
Proposed changes
1. Runtime warning log
When Process() runs with SecretRef == nil, log a warning:
WARN: GitHub interceptor running without signature verification. Set params.secretRef to enable webhook authentication.
2. Admission webhook warning
Return a Kubernetes admission warning (non-blocking) when an EventListener or Trigger references a github/gitlab/bitbucket interceptor without secretRef in params. This surfaces the issue at deploy time without breaking existing configurations.
3. Documentation
Add a security note to docs/interceptors.md under each interceptor section stating that omitting secretRef disables signature verification.
Non-goals
- Making secretRef mandatory (breaking change, needs deprecation cycle)
- Changing default behavior to fail-closed (breaking change)
Future consideration
A future release could introduce an explicit skipSignatureCheck: true param for intentional no-auth mode, then require either secretRef or skipSignatureCheck.
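The following is an added example, not code from Tekton Triggers, showing the three behaviours this issue talks about side by side: today's silent accept when secretRef is nil (proposal 1 turns it into a logged warning), a deploy-time Validate() that returns a non-blocking warning or, in a hypothetical fail-closed mode, rejects the config (proposal 2 and the future skipSignatureCheck param), and the actual HMAC-SHA256 check against the X-Hub-Signature-256 header that is skipped without a secret. The Params, SecretRef, Validate, Sign and Process names, the failClosed flag and the skipSignatureCheck field are assumptions for this illustration; the secret lookup from the Kubernetes Secret is omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// SecretRef stands in for the interceptor's secretRef param (secretName/secretKey).
// Assumed shape for this example, not the project's type.
type SecretRef struct {
	SecretName string
	SecretKey  string
}

// Params is a hypothetical interceptor param set. SkipSignatureCheck is the
// explicit opt-in from "Future consideration", not a field that exists today.
type Params struct {
	SecretRef          *SecretRef
	SkipSignatureCheck bool
}

// ErrNoAuth is returned in fail-closed mode when neither option is set.
var ErrNoAuth = errors.New("interceptor has no secretRef and skipSignatureCheck is not set")

const noAuthWarning = "GitHub interceptor running without signature verification. Set params.secretRef to enable webhook authentication."

// Validate is the deploy-time check an admission webhook could run.
// failClosed=false is the compatible behaviour (warning only);
// failClosed=true is the hypothetical future behaviour that requires
// either secretRef or skipSignatureCheck.
func Validate(p Params, failClosed bool) (warnings []string, err error) {
	if p.SecretRef != nil {
		return nil, nil
	}
	if p.SkipSignatureCheck {
		return []string{"github interceptor: signature verification explicitly disabled (skipSignatureCheck: true)"}, nil
	}
	if failClosed {
		return nil, ErrNoAuth
	}
	return []string{noAuthWarning}, nil
}

// Sign computes what GitHub sends in X-Hub-Signature-256 for payload:
// "sha256=" + hex(HMAC-SHA256(secret, payload)).
func Sign(secret, payload []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(payload)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// Process mirrors the runtime decision. With a secret it verifies the header
// and rejects mismatches; without one it accepts and returns the proposed
// warning instead of staying silent. secret is the value already resolved
// from the Secret named by p.SecretRef.
func Process(p Params, secret, payload []byte, sigHeader string) (accepted bool, warning string, err error) {
	if p.SecretRef == nil {
		return true, "WARN: " + noAuthWarning, nil
	}
	if !strings.HasPrefix(sigHeader, "sha256=") {
		return false, "", errors.New("missing or malformed X-Hub-Signature-256 header")
	}
	got, derr := hex.DecodeString(strings.TrimPrefix(sigHeader, "sha256="))
	if derr != nil {
		return false, "", fmt.Errorf("bad hex in X-Hub-Signature-256: %w", derr)
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(payload)
	// hmac.Equal is constant-time, so a mismatch does not leak matched bytes.
	if !hmac.Equal(got, mac.Sum(nil)) {
		return false, "", errors.New("payload signature check failed")
	}
	return true, "", nil
}

func main() {
	secret := []byte("example-webhook-secret")            // constructed sample secret
	payload := []byte(`{"action":"opened","number":1}`) // constructed sample payload

	// Footgun: forged signature, no secretRef -> accepted, now with a warning.
	ok, warn, _ := Process(Params{}, nil, payload, "sha256=deadbeef")
	fmt.Println("no secretRef:", ok, warn)

	// With secretRef: forged signature rejected, genuine one accepted.
	withRef := Params{SecretRef: &SecretRef{SecretName: "github-secret", SecretKey: "secretToken"}}
	ok, _, err := Process(withRef, secret, payload, "sha256=deadbeef")
	fmt.Println("forged:", ok, err)
	ok, _, err = Process(withRef, secret, payload, Sign(secret, payload))
	fmt.Println("genuine:", ok, err)

	warnings, err := Validate(Params{}, false)
	fmt.Println("admission (compatible):", warnings, err)
	_, err = Validate(Params{}, true)
	fmt.Println("admission (fail-closed):", err)
}
```

The forged request is the same bytes in both runs; only the presence of secretRef decides whether it is rejected, which is why a warning at both deploy time and runtime is worth having even before any fail-closed change.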