New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api key: upgrade encryption scheme of key-secret in db #6880

Open

giancarloromeo opened this issue Dec 2, 2024 · 1 comment

Assignees

Labels

Milestone

Contributor

giancarloromeo commented Dec 2, 2024 •

edited

Loading

migration from old to new scheme

giancarloromeo self-assigned this

giancarloromeo added the a:webserver label

giancarloromeo added this to the Event Horizon milestone

giancarloromeo assigned pcrespov

giancarloromeo mentioned this issue

♻️ Refactor API-keys service #6843

Merged

1 task

Contributor Author

giancarloromeo commented Dec 30, 2024

We need to store a hashed version of the api_key, I would suggest using bcrypt library.

When storing hashed keys:

Generate a random API key and hash it using bcrypt.
Store the hashed key in the database.

When verifying:

Retrieve the hashed key from the database.
Use the corresponding library's verify function to check the provided API key against the hash.

All existing API keys already stored in the DB must be hashed & updated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment