What is your suggestion?

Disable the provisionerd HTTP endpoint and migrate the in-process provisionerd to an in-process communication mechanism.

Why do you want this feature?

Right now we start provisionerd in the same process as coderd, and we don't have any mechanism to start a stand-alone provisionerd. However, that provisionerd communicates with coderd over an unsecured http endpoint.

The endpoint is needed when we have a stand-alone provisionerd, and it needs to be secure, but securing it now feels premature because the security needs will be very different compared with an in-process provisionerd.

Are there any workarounds to get this functionality today?

n/a

Are you interested in submitting a PR for this?

yes