update docu for custom extra headers in cmemc

docs/automate/cmemc-command-line-interface/configuration/file-based-configuration/index.md

@@ -269,3 +269,12 @@ Setting this to a PEM file allows for using private Certificate Authorities for
 Please refer to [Certificate handling and SSL verification](../certificate-handling-and-ssl-verification/index.md) for more information.
 
 This variable defaults to `$PYTHON_HOME/site-packages/certifi/cacert.pem`.
+
+
+#### CMEMC_CUSTOM_HEADER_*
+
+Enabling this setting ensures that all HTTP requests made by cmemc include the specified custom headers.
+
+The CMEMC_CUSTOM_HEADER_ prefix is automatically removed, so only the header name (*) is used in the request.
+
+By default, this variable is set to none.

docs/automate/cmemc-command-line-interface/configuration/getting-credentials-from-external-processes/index.md

@@ -6,6 +6,7 @@ tags:
   - Security
   - cmemc
 ---
+
 # Getting Credentials from External Processes
 
 ## Introduction
@@ -60,6 +61,7 @@ In order to get credential information from an external process you need to use
 - `OAUTH_PASSWORD_PROCESS`, to set up the process to get the user password when using the `password` grant type.
 - `OAUTH_CLIENT_SECRET_PROCESS`, to set up the process to get the client secret when using `client_credentials` grant type .
 - `OAUTH_ACCESS_TOKEN_PROCESS`, to set up the process to get the direct access token (`prefetched_token`).
+- `CMEMC_CUSTOM_HEADER_*_PROCESS` to set up the process to get custom http headers if needed (the `*` needs to be replaced with the correct header name using all uppercase and `_` instead of `-`, e.g. `CMEMC_CUSTOM_HEADER_CF_ACCESS_TOKEN_PROCESS` for the `cf-access-token` header variable)
 
 The credential executable can use the other cmemc environment keys of the configuration block for fetching the credentials (e.g. `CMEM_BASE_URI` and `OAUTH_USER`).
 
@@ -87,6 +89,8 @@ OAUTH_CLIENT_ID=cmem-service-account
 OAUTH_CLIENT_SECRET_PROCESS=["getpass.sh", "parameter1", "parameter2"]
 ```
 
+Note: You need to define a named connection for this to take effect. Using the `[DEFAULT]` section fallback will not execute the process.
+
 ### Example: MacOS Keychain
 
 Here is a working example with the MacOS Keychain, which can be queried with the command line tool `security`.

docs/release-notes/corporate-memory-26-1/index.md

@@ -34,7 +34,7 @@ This release delivers the following component versions:
 
 - eccenca DataIntegration v26.1.0
 - eccenca Explore v26.1.1
-- eccenca Corporate Memory Control (cmemc) v26.1.1
+- eccenca Corporate Memory Control (cmemc) v26.1.2
 - eccenca Graph Insights v19.2.0
 
 We tested this release with the following dependency components:
@@ -221,10 +221,17 @@ We are pleased to announce the release of Explore v26.1, which introduces badges
     - SPARQL Excel downloads now have clean file names.
     - Notifications are now more robust when given non-string input.
 
-## eccenca Corporate Memory Control (cmemc) v26.1.0
+## eccenca Corporate Memory Control (cmemc) v26.1.2
 
 We are excited to announce the release of cmemc v26.1, which expands access-condition administration, adds richer project and query catalog operations, and improves list and output consistency across the CLI.
 
+**v26.1.2 of cmemc ships the following features:**
+
+- Support for arbitrary custom HTTP request headers via `CMEMC_CUSTOM_HEADER_*` environment variables and config keys
+    - Header name is derived from the suffix by replacing underscores with hyphens (e.g. `CMEMC_CUSTOM_HEADER_CF_ACCESS_CLIENT_ID` → `CF-ACCESS-CLIENT-ID`)
+    - Protected headers (`Authorization`, `User-Agent`) cannot be overridden and raise a configuration error
+    - Custom headers are cleared when switching connections
+
 **v26.1.1 of cmemc ships the following fixes:**
 
 - `workflow status` command