env var to disable auth

[y-nk]

Feature Request

Motivation

We're planning to run svix internally and have our own layer of auth on top, so we'd like to avoid having to handle auth (="generating the jwt using running container command line") in svix.

Proposal

an env var to disable auth

Alternatives

i don't think there's alternative to that

[tasn]

How do you know the request is really coming from your revere proxy and not somewhere else.

Idea: can you maybe generate a token and just inject it in the authorization header when forwarding requests to Svix? That will let you effectively turning authentication off but getting a bit more security.

[y-nk]

The svix container will not be exposed to the internet since we run in kubernetes.

The goal of this is indeed to avoid the idea you mention. we can do that, but it'd mean to generate a token for no reason. this being a a manual process, i think there are some cases where we could be to avoid setting it and simplify the deployment process since we master the space where the container will live.