Inefficient and insecure API key lookup in get_api_key_by_value #375

@avirajsingh7

Description

Inefficient lookup

  • The current implementation fetches all active API keys from the database and decrypts them one by one in Python.
  • This approach does not scale for large systems (millions of API keys).
  • API keys should be stored hashed (similar to passwords), not encrypted + decrypted for comparison.
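
An added example (not the project's code) of the hashed lookup the issue proposes: only a digest of each key is stored, and the database matches it through an index instead of Python decrypting every row. The table layout, function names, `ak_` prefix and pepper are assumptions; HMAC-SHA-256 is used rather than a salted password hash because the keys are random and the digest has to be deterministic to be indexable.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Assumption: server-side secret loaded from configuration (constructed value).
PEPPER = b"constructed-pepper-for-this-example"

def key_digest(raw_key: str) -> str:
    """Deterministic keyed digest, so the database can index and match it."""
    return hmac.new(PEPPER, raw_key.encode(), hashlib.sha256).hexdigest()

def init_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # UNIQUE creates the index that lookups use; the raw key is never stored.
    db.execute("CREATE TABLE api_key (id INTEGER PRIMARY KEY, owner TEXT NOT NULL,"
               " key_digest TEXT NOT NULL UNIQUE, is_active INTEGER NOT NULL DEFAULT 1)")
    return db

def issue_key(db: sqlite3.Connection, owner: str) -> str:
    """Generate a key, persist only its digest, return the raw key once."""
    raw_key = "ak_" + secrets.token_urlsafe(32)
    db.execute("INSERT INTO api_key (owner, key_digest) VALUES (?, ?)",
               (owner, key_digest(raw_key)))
    return raw_key

LOOKUP_SQL = "SELECT owner FROM api_key WHERE key_digest = ? AND is_active = 1"

def lookup_owner(db: sqlite3.Connection, presented_key: str):
    """One indexed query; nothing is fetched in bulk or decrypted in Python."""
    row = db.execute(LOOKUP_SQL, (key_digest(presented_key),)).fetchone()
    return row[0] if row else None

def revoke_key(db: sqlite3.Connection, raw_key: str) -> None:
    db.execute("UPDATE api_key SET is_active = 0 WHERE key_digest = ?",
               (key_digest(raw_key),))

def lookup_uses_index(db: sqlite3.Connection) -> bool:
    """Ask SQLite for its plan: True when the lookup is an index search, not a scan."""
    plan = db.execute("EXPLAIN QUERY PLAN " + LOOKUP_SQL, ("x",)).fetchall()
    return any("INDEX" in row[-1] for row in plan)
```
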

Labels: bug (Something isn't working)

Status

Closed
