Skip to content

Improve local development credential documentation #402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ivanauth wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Improve local development credential documentation #402

ivanauth wants to merge 1 commit into from

Conversation

@ivanauth
Copy link
Contributor

@ivanauth ivanauth commented Oct 23, 2025

Addresses #350 by clarifying when to use INSECURE_PLAINTEXT_CREDENTIALS vs INSECURE_LOCALHOST_ALLOWED for local development scenarios.

Changes

  • Added Local Development section to client-libraries.mdx with insecure credential options for all supported languages
  • Added callout in protecting-a-blog.mdx explaining insecure credentials for all client libraries
  • Updated Node.js code example comment for clarity

Context

Teams using Orbstack or Docker with non-localhost hostnames (e.g., *.orb.local) were confused about which security setting to use. This makes it clear that insecure plaintext credentials work for all local development scenarios including localhost, Docker, Orbstack, and other non-TLS setups.

Fixes #350

@vercel
Copy link

vercel bot commented Oct 23, 2025

@ivanauth is attempting to deploy a commit to the authzed Team on Vercel.

A member of the Team first needs to authorize it.

@ivanauth ivanauth force-pushed the fix/clarify-insecure-credentials-docs branch 3 times, most recently from fa43b84 to 67e90b9 Compare December 2, 2025 04:29
@ivanauth
Clarify local development security settings for insecure credentials
5780910 
Fix Node.js credential constant to include the correct v1.ClientSecurity.
namespace prefix matching the @authzed/authzed-node client library API.
Update documentation to be more precise about local development scenarios.
@ivanauth ivanauth force-pushed the fix/clarify-insecure-credentials-docs branch from 67e90b9 to 5780910 Compare December 2, 2025 05:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Make it clearer that INSECURE_PLAINTEXT_CREDENTIALS should be used for local development

1 participant

@ivanauth