From 952a110a6ec21a2348d0dbce6f7c0e987798015c Mon Sep 17 00:00:00 2001 From: sunbrye Date: Wed, 15 Jul 2026 11:56:55 -0700 Subject: [PATCH] Remove HMAC key authentication method from public SDK auth docs The HMAC key auth method (CAPI_HMAC_KEY / COPILOT_HMAC_KEY) should not be documented publicly; it was re-added by doc automation. Removes it from the authentication priority list in authenticate.md and the summary in README.md. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- docs/auth/README.md | 2 +- docs/auth/authenticate.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/auth/README.md b/docs/auth/README.md index b09646d5d7..282bcb0192 100644 --- a/docs/auth/README.md +++ b/docs/auth/README.md @@ -7,6 +7,6 @@ Choose the authentication method that best fits your deployment scenario for the ## Authentication priority -When multiple credentials are configured, an explicit SDK token takes priority, followed by HMAC or direct Copilot API environment authentication, environment variable GitHub tokens, stored Copilot CLI credentials, and then GitHub CLI credentials. See [Authenticate Copilot SDK](authenticate.md#authentication-priority) for details. +When multiple credentials are configured, an explicit SDK token takes priority, followed by direct Copilot API environment authentication, environment variable GitHub tokens, stored Copilot CLI credentials, and then GitHub CLI credentials. See [Authenticate Copilot SDK](authenticate.md#authentication-priority) for details. For multi-user server mode, pass a per-session `gitHubToken` so each session runs with the correct GitHub identity; see [Multi-user and server deployments](../setup/multi-tenancy.md). diff --git a/docs/auth/authenticate.md b/docs/auth/authenticate.md index 7661060263..1a01901863 100644 --- a/docs/auth/authenticate.md +++ b/docs/auth/authenticate.md @@ -301,7 +301,6 @@ BYOK allows you to use your own API keys from model providers like Azure AI Foun When multiple authentication methods are available, the SDK uses them in this priority order: 1. **Explicit `gitHubToken`** - Token passed directly to the SDK client or session configuration -1. **HMAC key** - `CAPI_HMAC_KEY` or `COPILOT_HMAC_KEY` environment variables 1. **Direct API token** - `GITHUB_COPILOT_API_TOKEN` with `COPILOT_API_URL` 1. **Environment variable tokens** - `COPILOT_GITHUB_TOKEN` → `GH_TOKEN` → `GITHUB_TOKEN` 1. **Stored OAuth credentials** - From previous `copilot` CLI login