Add support for custom HTTP headers in CLI requests #138
Description
Hello Cosmian 👋
Description:
When using the Cosmian KMS CLI behind a Cloudflare Zero Trust proxy, there is currently no way to pass custom HTTP headers with requests.
Cloudflare Zero Trust requires a cf-access-token header to authenticate requests before they are forwarded to the target service, which makes the CLI unusable in this setup out of the box.
Context:
We deployed a Cosmian VM on GCP behind Cloudflare Zero Trust as we do not want our KMS to be publicly accessible.
While trying to use the CLI to import and manage RSA keys (as an alternative to the UI, which returned format errors when attempting to export wrapped keys), we were unable to reach the API because the CLI doesn't support adding custom headers.
We worked around this by forking the CLI and adding dynamic header support ourselves, but since cosmian_http_client is not publicly available on GitHub, maintaining a fork is difficult.
Feature Request:
Add a CLI option to specify custom HTTP headers on requests, similar to curl's -H flag. For example:
cosmian kms ... --header "cf-access-token: <token>"
Why this matters:
- Cloudflare Zero Trust is not the only zero-trust solution that uses header-based authentication — this would benefit any user behind a similar proxy.
- Without this, users are forced to maintain a custom fork, which is hard to keep up to date.
- This would allow access to all Cosmian products without workarounds.