feat: add AUTH_TOKEN_FILE support for Docker secrets (v2.7.5)

- Add AUTH_TOKEN_FILE environment variable support for reading auth tokens from files - Support Docker secrets pattern for production deployments - Add Known Issues section documenting Claude Desktop container duplication bug - Update documentation with authentication options and best practices - Fix issue #16: AUTH_TOKEN_FILE was documented but not implemented - Add comprehensive tests for AUTH_TOKEN_FILE functionality BREAKING CHANGE: None - AUTH_TOKEN continues to work as before 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-06 18:32:15 +02:00
parent 35e4cf0da4
commit 2a5c4ec6eb
7 changed files with 395 additions and 15 deletions
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [2.7.5] - 2025-07-06
+
+### Added
+- AUTH_TOKEN_FILE support for reading authentication tokens from files (Docker secrets compatible)
+- Known Issues section in README documenting Claude Desktop container duplication bug
+- Enhanced authentication documentation in Docker README
+
+### Fixed
+- Issue #16: AUTH_TOKEN_FILE was documented but not implemented
+- HTTP server now properly supports both AUTH_TOKEN and AUTH_TOKEN_FILE environment variables
+
+### Changed
+- Authentication logic now checks AUTH_TOKEN first, then falls back to AUTH_TOKEN_FILE
+- Updated Docker documentation to clarify authentication options
+
 ## [2.7.4] - 2025-07-03

 ### Changed
--- a/docs/DOCKER_README.md
+++ b/docs/DOCKER_README.md
@@ -59,11 +59,14 @@ docker run -d \
 | Variable | Description | Default | Required |
 |----------|-------------|---------|----------|
 | `MCP_MODE` | Server mode: `stdio` or `http` | `stdio` | No |
-| `AUTH_TOKEN` | Bearer token for HTTP authentication | - | Yes (HTTP mode) |
+| `AUTH_TOKEN` | Bearer token for HTTP authentication | - | Yes (HTTP mode)* |
+| `AUTH_TOKEN_FILE` | Path to file containing auth token (v2.7.5+) | - | Yes (HTTP mode)* |
 | `PORT` | HTTP server port | `3000` | No |
 | `NODE_ENV` | Environment: `development` or `production` | `production` | No |
 | `LOG_LEVEL` | Logging level: `debug`, `info`, `warn`, `error` | `info` | No |

+*Either `AUTH_TOKEN` or `AUTH_TOKEN_FILE` must be set for HTTP mode. If both are set, `AUTH_TOKEN` takes precedence.
+
 ### Docker Compose Configuration

 The default `docker-compose.yml` provides:
@@ -238,18 +241,40 @@ docker inspect n8n-mcp | jq '.[0].State.Health'

 ### Authentication

- Always use a strong AUTH_TOKEN (minimum 32 characters)
- Never commit tokens to version control
- Rotate tokens regularly
+n8n-MCP supports two authentication methods for HTTP mode:
+
+#### Method 1: AUTH_TOKEN (Environment Variable)
+- Set the token directly as an environment variable
+- Simple and straightforward for basic deployments
+- Always use a strong token (minimum 32 characters)

 ```bash
 # Generate secure token
 openssl rand -base64 32

-# Or use uuidgen
-uuidgen | tr -d '-' | base64
+# Use in Docker
+docker run -e AUTH_TOKEN=your-secure-token ...
 ```

+#### Method 2: AUTH_TOKEN_FILE (File Path) - NEW in v2.7.5
+- Read token from a file (Docker secrets compatible)
+- More secure for production deployments
+- Prevents token exposure in process lists
+
+```bash
+# Create token file
+echo "your-secure-token" > /path/to/token.txt
+
+# Use with Docker secrets
+docker run -e AUTH_TOKEN_FILE=/run/secrets/auth_token ...
+```
+
+#### Best Practices
+- Never commit tokens to version control
+- Rotate tokens regularly
+- Use AUTH_TOKEN_FILE with Docker secrets for production
+- Ensure token files have restricted permissions (600)
+
 ### Network Security

 For production deployments: