Function: sharedSecretTrust()
sharedSecretTrust(options): InternalTrustSource
Defined in: packages/auth/src/internal-auth-interceptor.ts:384
Trust source that constant-time compares a single shared secret (ADR-029 option (c)).
DEV-ONLY. A single shared secret is NOT per-service: every legitimate caller holds the same secret, so one compromise forges ALL internal identities. Use meshIdentityTrust (mesh) or signedTokenTrust (non-mesh per-service JWT) in production. This factory exists only for local development and single-tenant low-trust-boundary setups, and is labeled as such so it is never mistaken for a containment-providing mode.
Parameters
options
The shared secret, header name, and the granted identity.
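An added sketch, not Connectum's code, of what a constant-time shared-secret check does and why it provides no per-service containment: every request carrying the secret receives the same granted identity. The option field names, the `x-internal-secret` and `x-caller` headers, and all sample values are assumptions constructed for illustration.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Hypothetical option shape; Connectum's real types are not shown on this page.
interface SharedSecretOptions {
  secret: string;   // the single secret every legitimate caller holds
  header: string;   // request header that carries it
  identity: string; // identity granted on a match
}

type HeaderMap = Record<string, string | undefined>;

// Hash both values to fixed-length digests first: timingSafeEqual throws on
// unequal lengths, and comparing digests avoids leaking length or prefix matches.
function secretsMatch(presented: string, expected: string): boolean {
  const a = createHash("sha256").update(presented, "utf8").digest();
  const b = createHash("sha256").update(expected, "utf8").digest();
  return timingSafeEqual(a, b);
}

// Returns the granted identity, or null when the header is absent or wrong.
function checkSharedSecret(opts: SharedSecretOptions, headers: HeaderMap): string | null {
  const presented = headers[opts.header.toLowerCase()];
  if (presented === undefined || presented.length === 0) return null;
  return secretsMatch(presented, opts.secret) ? opts.identity : null;
}

// Constructed sample configuration and requests.
const opts: SharedSecretOptions = {
  secret: "dev-only-example-secret",
  header: "x-internal-secret",
  identity: "internal",
};
const good = "dev-only-example-secret";

function demo() {
  return {
    // Two different callers: the check has nothing that tells them apart, so a
    // secret leaked from either one yields the same identity for anyone.
    fromOrders: checkSharedSecret(opts, { "x-internal-secret": good, "x-caller": "orders" }),
    fromBilling: checkSharedSecret(opts, { "x-internal-secret": good, "x-caller": "billing" }),
    wrong: checkSharedSecret(opts, { "x-internal-secret": "dev-only-example-secreT" }),
    shorter: checkSharedSecret(opts, { "x-internal-secret": "dev" }),
    missing: checkSharedSecret(opts, { "x-caller": "orders" }),
  };
}

console.log(demo());
```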
