cloudamqp · Copilot · Nov 1, 2025 · Nov 1, 2025 · Nov 1, 2025 · Nov 1, 2025
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+
+### Added
+- Standard Webhooks signature support for HTTP shovels [#1423](https://github.com/cloudamqp/lavinmq/pull/1423)
+
 ## [2.6.0] - 2025-12-05
 
 This release introduces Geographic Information System (GIS) filtering for streams, enhanced performance testing capabilities, as well as many other improvements and bugfixes.

@@ -192,7 +192,7 @@ Use [lavinmqperf](https://lavinmq.com/documentation/lavinmqperf) to benchmark yo
 - Automatic leader election in clusters via etcd
 
 ### Other Functionality
-- Shovels
+- Shovels (including HTTP shovels with [Standard Webhooks](https://www.standardwebhooks.com/) signature support)
 - Queue & Exchange federation
 - Single active consumer
 - Stream queues

@@ -83,4 +83,61 @@ describe LavinMQ::HTTP::ShovelsController do
       end
     end
   end
+
+  describe "GET api/parameters/shovel" do
+    it "should mask dest-signature-secret in response" do
+      with_http_server do |http, s|
+        # Create a shovel parameter with a signature secret via API
+        body = {
+          value: {
+            "src-uri":               s.amqp_url,
+            "dest-uri":              "https://example.com/webhook",
+            "src-queue":             "test-q",
+            "dest-signature-secret": "my-secret-key",
+          },
+        }
+        response = http.put("/api/parameters/shovel/%2F/secret-shovel", body: body.to_json)
+        response.status_code.should eq 201
+
+        # Fetch and verify secret is masked
+        response = http.get("/api/parameters/shovel/%2F/secret-shovel")
+        response.status_code.should eq 200
+        json = JSON.parse(response.body)
+        json["value"]["dest-signature-secret"].as_s.should eq "********"
+      end
+    end
+
+    it "should preserve dest-signature-secret when updating without providing it" do
+      with_http_server do |http, s|
+        # Create a shovel parameter with a signature secret
+        body = {
+          value: {
+            "src-uri":               s.amqp_url,
+            "dest-uri":              "https://example.com/webhook",
+            "src-queue":             "test-q",
+            "dest-signature-secret": "my-secret-key",
+          },
+        }
+        response = http.put("/api/parameters/shovel/%2F/preserve-secret-shovel", body: body.to_json)
+        response.status_code.should eq 201
+
+        # Update without providing the secret
+        body = {
+          value: {
+            "src-uri":   s.amqp_url,
+            "dest-uri":  "https://example.com/webhook",
+            "src-queue": "updated-q",
+          },
+        }
+        response = http.put("/api/parameters/shovel/%2F/preserve-secret-shovel", body: body.to_json)
+        response.status_code.should eq 204
+
+        # Verify secret is still there (masked)
+        response = http.get("/api/parameters/shovel/%2F/preserve-secret-shovel")
+        json = JSON.parse(response.body)
+        json["value"]["dest-signature-secret"].as_s.should eq "********"
+        json["value"]["src-queue"].as_s.should eq "updated-q"
+      end
+    end
+  end
 end