Skip to content

chore: Replace temporary Fastly API token with automation token#51

Open
dcadenas wants to merge 4 commits into
mainfrom
feat/45-replace-temporary-fastly-api-token-with-automation-t
Open

chore: Replace temporary Fastly API token with automation token#51
dcadenas wants to merge 4 commits into
mainfrom
feat/45-replace-temporary-fastly-api-token-with-automation-t

Conversation

@dcadenas
Copy link
Copy Markdown
Contributor

@dcadenas dcadenas commented May 18, 2026

Summary

The Fastly sync path already uses a Worker secret, but the safe rotation process was not written down in the repo.
This change adds a runbook for replacing a personal Fastly token with an automation token and checking that D1-to-Fastly KV sync still works.
It matters because the real token must be created by an operator and stored as a Cloudflare secret, not committed in code.

Motivation

The root problem is operational, not a runtime token-handling bug.
The Worker already reads FASTLY_API_TOKEN; the missing part was a repeatable process for creating, installing, and verifying the automation token.

Related Issue

Validation

The docs-specific test passes, and the admin UI builds.
The full root test suite is still blocked by an existing origin/main failure in src/routes/admin-sync.test.ts, unrelated to this docs-only diff.

  • npm run test:once
  • npm run build:admin
  • relevant local Wrangler validation if applicable
  • I could not run some validation locally, and I explained why below

Manual Test Plan / Notes

After a Fastly superuser creates the automation token, run npx wrangler secret put FASTLY_API_TOKEN.
Then call POST /api/admin/sync/fastly and confirm the response reports failed as 0.

  • git rebase origin/main
  • npm run test:once -- src/docs/runbooks.test.ts
  • npm run build:admin
  • npm run test:once failed on GET /admin/username/:name/nip05-status > returns not_applicable for non-active usernames; expected not_applicable, received missing.

Visuals / API Examples

  • No visual change
  • Screenshots, sample payloads, or logs attached if needed

Public Artifact Review

  • Titles, descriptions, branch names, and screenshots avoid partner, customer, brand, campaign, or other sensitive external names unless explicitly approved

dcadenas added 2 commits May 15, 2026 19:32
@dcadenas
Documented Fastly automation token rotation and verification runbook.…
a47496b 
… Added a docs coverage test to keep the required token settings, wrangler secret command, backfill check, cron caveat, and divine-name-sync follow-up documented.
@dcadenas
Clarify Fastly store id configuration in rotation runbook
08bd757
@dcadenas dcadenas requested a review from mbradley May 18, 2026 14:42
@dcadenas dcadenas marked this pull request as ready for review May 18, 2026 14:43
@dcadenas dcadenas removed the request for review from mbradley May 18, 2026 14:44
@dcadenas
Copy link
Copy Markdown
Contributor Author

dcadenas commented May 18, 2026
edited
Loading

@rabble could you run this rotation? I can’t create the Fastly automation token because I’m not a Fastly superuser. The runbook in this PR has the required steps.

@dcadenas dcadenas requested a review from rabble May 18, 2026 16:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rabble rabble Awaiting requested review from rabble

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dcadenas