This change is completely irreversible. Once the migrations are run, the plain text keys will be deleted from the database. Marking as a draft PR for now to avoid accidental merging, but this is ready for review.
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.
Many of the changes in this diff are to implement the new post-create UI, which looks like:
From a security perspective, the key files to review are:
@danielwaterworth I had some issues with `fab!` in the tests, because it ‘refinds’ the record from the database after the initial save. The keys are kept temporarily as instance variables, so this refind was causing the key to be lost. I set `refind:false` in these places, but would be interested if you know of a cleaner solution.
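Added example, not code from this PR or from the project: a minimal Ruby sketch of the storage scheme the description outlines, where the full key is returned once at creation and only its first four characters plus a SHA-256 hash are persisted. `KeyStore`, `Row` and the method names are hypothetical, and an in-memory hash stands in for the database table.

```ruby
require "securerandom"
require "digest"

# Hypothetical stand-in for the API keys table (assumption, not project code).
# Only the 4-character prefix and the SHA-256 digest are ever persisted.
class KeyStore
  Row = Struct.new(:id, :truncated_key, :key_hash)

  def initialize
    @by_id = {}
    @by_hash = {}
  end

  # Returns [id, plaintext_key]. The plaintext exists only in this return
  # value, so the caller must show it to the user now or it is gone.
  def create
    key = SecureRandom.hex(32)
    row = Row.new(@by_id.size + 1, key[0, 4], Digest::SHA256.hexdigest(key))
    @by_id[row.id] = row
    @by_hash[row.key_hash] = row
    [row.id, key]
  end

  # Simulates reloading a record from storage: only persisted columns
  # come back, which is why a re-fetched record no longer carries the key.
  def find(id)
    @by_id[id]
  end

  # Authenticate by hashing the presented key and looking up the digest,
  # the equivalent of an indexed equality query on the hash column.
  def authenticate(presented)
    return nil unless presented.is_a?(String)
    @by_hash[Digest::SHA256.hexdigest(presented)]
  end
end

store = KeyStore.new
id, key = store.create
puts "shown once at creation: #{key}"
puts "stored for audit:       #{store.find(id).truncated_key}..."
puts "authenticates:          #{!store.authenticate(key).nil?}"
```

A leaked copy of this store yields prefixes and digests only; with 256 bits of random key material, the digest cannot practically be brute-forced back into a usable key.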