dansup on Nostr: Adding the ability to edit S3 api key/secret credentials is sketchy and requires ...
Adding the ability to edit S3 api key/secret credentials is sketchy and requires careful consideration.
Before: fetch from cached .env variables
After: fetch from redis cache, if fails fetch from db, if fails fetch from cached .env vars
Now we need to store api keys in the database and hydrate the cache with the values, so I'm encrypting the db values and decrypting them in the redis cache.
Few db columns need this level of security, but I think I got this right 🤔
#pixelfed #security
Published at 2024-03-14 10:52:47
Event JSON
{
"id": "aa740b2c018835e69dda149841df33383da38e27c29fef364d7b91f830d215f8",
"pubkey": "fce95231cd584e791f1f5d977ceac1ef6edb3d3a7a29ada5a657979836cbcb1f",
"created_at": 1710413567,
"kind": 1,
"tags": [
[
"t",
"pixelfed"
],
[
"t",
"security"
],
[
"proxy",
"https://mastodon.social/users/dansup/statuses/112093663537945984",
"activitypub"
]
],
"content": "Adding the ability to edit S3 api key/secret credentials is sketchy and requires careful consideration.\n\nBefore: fetch from cached .env variables\n\nAfter: fetch from redis cache, if fails fetch from db, if fails fetch from cached .env vars\n\nNow we need to store api keys in the database and hydrate the cache with the values, so I'm encrypting the db values and decrypting them in the redis cache.\n\nFew db columns need this level of security, but I think I got this right 🤔\n\n#pixelfed #security",
"sig": "b649d20a8051907b0293b1f893f57987598e7815d1a36e19ef54d2100c1e24f8a43184c39fd4d03bb855c708c0823ec5990737545eaf60cd3b504ef0e3bee550"
}
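The lookup order described in the post, sketched as an added example; it is not part of the original post and is not Pixelfed's code. It assumes PHP 8 with the sodium extension; the class name, the `s3.secret` key and the arrays standing in for Redis, the database table and the cached .env config are hypothetical.

```php
<?php
// Added example: names and in-memory stores are hypothetical stand-ins.
final class StorageCredentials
{
    public function __construct(
        private string $key,   // 32-byte secretbox key, held outside the database
        private array $cache,  // stand-in for Redis
        private array $db,     // stand-in for the settings table (ciphertext only)
        private array $env     // stand-in for cached .env variables
    ) {}

    /** Encrypt with a fresh nonce before the value reaches the database column. */
    public function store(string $name, string $plain): void
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $this->db[$name] = base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $this->key));
        unset($this->cache[$name]); // drop the stale copy so the next read re-hydrates
    }

    /** Returns null when the stored value is malformed or fails authentication. */
    private function open(string $stored): ?string
    {
        $raw = base64_decode($stored, true);
        $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if ($raw === false || strlen($raw) < $min) {
            return null;
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $this->key);
        return $plain === false ? null : $plain;
    }

    /** Cache first, then database, then .env, in the order the post gives. */
    public function get(string $name): ?string
    {
        if (isset($this->cache[$name])) {
            return $this->cache[$name];
        }
        if (isset($this->db[$name]) && ($plain = $this->open($this->db[$name])) !== null) {
            return $this->cache[$name] = $plain; // hydrate the cache with the decrypted value
        }
        return $this->env[$name] ?? null; // left uncached so a repaired db row is picked up
    }
}

// Constructed sample values, not real credentials.
$creds = new StorageCredentials(sodium_crypto_secretbox_keygen(), [], [], ['s3.secret' => 'env-secret']);
var_dump($creds->get('s3.secret'));      // nothing in cache or db, so .env answers
$creds->store('s3.secret', 'db-secret');
var_dump($creds->get('s3.secret'));      // db value decrypts and hydrates the cache
```

Because the cache holds the decrypted value in this sketch, the cache server sits inside the same trust boundary as the encryption key; a database row that fails authentication is skipped rather than used.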