Adding the ability to edit S3 api key/secret credentials is sketchy and requires careful consideration.

Before: fetch from cached .env variables

After: fetch from redis cache, if fails fetch from db, if fails fetch from cached .env vars

Now we need to store api keys in the database and hydrate the cache with the values, so I'm encrypting the db values and decrypting them in the redis cache.

Few db columns need this level of security, but I think I got this right 🤔

2
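
The lookup order described in the post above, as an added example that is not part of the original thread or the project's own code. All names are hypothetical, in-memory Maps stand in for Redis and the database, and keeping plaintext in the cache is one reading of "decrypting them in the redis cache".

```javascript
// Added example: hypothetical names, constructed sample values.
const crypto = require("node:crypto");

// In-memory stand-ins for Redis, the database, and the cached .env values.
const cache = new Map();
const db = new Map();
const env = { S3_KEY: "env-key-constructed", S3_SECRET: "env-secret-constructed" };

// AES-256-GCM is authenticated: a modified DB row fails to decrypt.
function encrypt(appKey, name, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", appKey, iv);
  c.setAAD(Buffer.from(name)); // bind the ciphertext to its setting name
  const body = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString("base64");
}

function decrypt(appKey, name, blob) {
  const raw = Buffer.from(blob, "base64");
  const d = crypto.createDecipheriv("aes-256-gcm", appKey, raw.subarray(0, 12));
  d.setAAD(Buffer.from(name));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
}

// Edit path: store ciphertext in the DB and drop the stale cache entry.
function saveCredential(appKey, name, value) {
  db.set(name, encrypt(appKey, name, value));
  cache.delete(name);
}

// Read path in the post's order: cache, then DB, then .env.
function getCredential(appKey, name) {
  if (cache.has(name)) return { value: cache.get(name), source: "cache" };
  if (db.has(name)) {
    try {
      const value = decrypt(appKey, name, db.get(name));
      cache.set(name, value); // assumption: plaintext is what gets cached
      return { value, source: "db" };
    } catch (err) {
      // Wrong key or tampered row: fall through rather than cache garbage.
    }
  }
  return { value: env[name], source: "env" };
}
```

Under this reading the cache holds plaintext, so read access to Redis is read access to the S3 secret; the encryption protects only the database copy.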
🌈 BarbaPulpe 😇

@dansup
Do we actually need the ability to edit S3 keys? This is a very rare task, and multiplying the key storage to several locations does not seem good for security, to enable a task which does not need to be done from the UI, in my opinion.

2
9mo
Andy

@dansup you should have stopped after the first line.

just having storage credentials in ENV is enough, they never really need to be in the database.

1
9mo