Skip to content

fix(app-connection): hashicorp vault https gateway usage#5457

Merged
varonix0 merged 1 commit intomainfrom
daniel/fix-vault-connection
Feb 11, 2026
Merged

fix(app-connection): hashicorp vault https gateway usage#5457
varonix0 merged 1 commit intomainfrom
daniel/fix-vault-connection

Conversation

@varonix0
Copy link
Member

@varonix0 varonix0 commented Feb 11, 2026

Context

Fixed vault connection when using gateway against instances that are not running on port 8200.

Steps to verify the change

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

@varonix0 varonix0 self-assigned this Feb 11, 2026
@varonix0 varonix0 requested a review from akhilmhdh February 11, 2026 19:23
@maidul98
Copy link
Collaborator

maidul98 commented Feb 11, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@varonix0 varonix0 changed the title fix(app-connection/hashicorp-vault): https gateway usage fix(app-connection): hashicorp vault https gateway usage Feb 11, 2026
@varonix0 varonix0 merged commit 8b86eea into main Feb 11, 2026
9 of 11 checks passed
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 11, 2026

Greptile Overview

Greptile Summary

Fixed HashiCorp Vault gateway port detection to properly handle URLs without explicit ports by using protocol defaults (443 for HTTPS, 80 for HTTP) instead of incorrectly defaulting to 8200.

  • Previously, gateway connections to Vault instances on standard HTTPS port (443) would fail if the URL didn't explicitly include :443
  • The fix correctly interprets empty url.port (which occurs when using protocol default ports) and applies the appropriate port based on the protocol
  • URL validation and security checks (blockLocalAndPrivateIpAddresses, verifyHostInputValidity) remain in place before port determination

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The change is a straightforward bug fix that corrects port detection logic. The URL is already validated through security checks before port determination. The fix properly handles the case where url.port is an empty string (indicating protocol default) and uses standard HTTP/HTTPS ports instead of incorrectly assuming Vault's default port 8200. No breaking changes or security vulnerabilities introduced.
  • No files require special attention

Important Files Changed

Filename Overview
backend/src/services/app-connection/hc-vault/hc-vault-connection-fns.ts Fixed port detection to use protocol defaults (443/80) instead of hardcoded 8200 when port is not explicitly specified

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akhilmhdh akhilmhdh akhilmhdh approved these changes

Assignees

@varonix0 varonix0

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@varonix0 @maidul98 @akhilmhdh