#pixelfed #security

Adding the ability to edit S3 api key/secret credentials is sketchy and requires careful consideration.

Before: fetch from cached .env variables

After: fetch from redis cache, if fails fetch from db, if fails fetch from cached .env vars

Now we need to store api keys in the database and hydrate the cache with the values, so I'm encrypting the db values and decrypting them in the redis cache.

Few db columns need this level of security, but I think I got this right 🤔

2
Share
Share on Mastodon
Share on Twitter
Share on Facebook
Share on Linkedin
Replies