Vouch request: marwinski

[marwinski]

What do you want to work on?

I'd like to contribute support for injecting secrets into outbound POST requests with Content-Type:
application/x-www-form-urlencoded. This is a common pattern in OAuth 2.0 client credentials flows and other authentication
methods where credentials are sent as form-encoded body parameters (e.g., client_id=...&client_secret=...) rather than as
HTTP headers or query parameters. This an extension to the secret injection feature and no change to existing functionality.

Key technical components:

• Detection of application/x-www-form-urlencoded content type on outbound POST requests at the proxy layer
• Parsing and injection of secret values into form-encoded body fields
• Integration with the existing secret injection policy primitives (currently header-only)

Why this change?

We would have to configure the agent with OAuth 2.0 client credentials without this enhancement. We do have an implementation for this and have validated this in our development and test environments.

I am an engineer working on adding OpenShell to our Gardener infrastructure and also the co-author of this request. Our goal is to integrate OpenShell as a first class citizen into our managed Kubernetes environment.

Checklist

• I wrote this request myself (not AI-generated)
• I have read CONTRIBUTING.md