Skip to content

feat: leverage the heroku credential manager for auth#295

Open
michaelmalave wants to merge 5 commits intofeat/credential-mgr-integrationfrom
mm/feat/heroku-credential-manager-integration
Open

feat: leverage the heroku credential manager for auth#295
michaelmalave wants to merge 5 commits intofeat/credential-mgr-integrationfrom
mm/feat/heroku-credential-manager-integration

Conversation

@michaelmalave
Copy link
Copy Markdown
Contributor

@michaelmalave michaelmalave commented Mar 20, 2026

Summary

  • Adds @heroku/heroku-credential-manager as the single path for storing, reading, and removing Heroku CLI tokens.
  • Login persists credentials via saveAuth; logout keeps server-side revoke (session + OAuth authorizations) and clears local storage via removeAuth with vars.apiHost / vars.httpGitHost (fixes hardcoded netrc hosts for custom HEROKU_HOST).
  • API requests attach the Bearer token via await getAuth() (credential manager + HEROKU_API_KEY).
  • Command.init() runs await this.heroku.getAuth() so this.heroku.auth is populated before run(), preserving legacy sync checks (e.g. auth:whoami) without updating every plugin.
  • Adds src/credential-manager.ts with setCredentialManagerProvider() so tests can inject mocks
  • Removes netrc-parser from this package; netrc I/O lives in heroku-credential-manager.
  • CI: NODE_AUTH_TOKEN from NPM_TOKEN_HEROKU_CREDENTIAL_MANAGER
  • Tests: preload in init, getAuth caching, logout → removeAuth

Type of Change

Breaking Changes (major semver update)

  • Add a ! after your change type to denote a change that breaks current behavior

Feature Additions (minor semver update)

  • feat: Introduces a new feature to the codebase

Patch Updates (patch semver update)

  • fix: Bug fix
  • deps: Dependency upgrade
  • revert: Revert a previous commit
  • chore: Change that does not affect production code
  • refactor: Refactoring existing code without changing behavior
  • test: Add/update/remove tests

Testing

Checkout this branch for heroku-cli-command.
Open the cli repo to the main branch. In the package.json, update your cli command dependency to:

"@heroku-cli/command": "/path/to/heroku-cli-command",

run npm install && npm run build

Then test with

DEBUG=heroku-credential-manager ./bin/run login
HEROKU_NETRC_WRITE=true DEBUG=heroku-credential-manager ./bin/run whoami
DEBUG=heroku-credential-manager ./bin/run logout

and you should now see heroku-credential-manager logging as its being leveraged.
(note: expect debug lines from the credential manager (e.g. netrc load/save); Keychain usage is not always logged.)

Related Issues

GitHub issue: #[GitHub issue number]
GUS work item: W-20825872

@michaelmalave michaelmalave requested a review from a team as a code owner March 20, 2026 20:57
tlowrimore-heroku
tlowrimore-heroku approved these changes Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown

@tlowrimore-heroku tlowrimore-heroku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tlowrimore-heroku tlowrimore-heroku tlowrimore-heroku approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@michaelmalave @tlowrimore-heroku