Skip to content

feat: implement HMAC-SHA256 for API key hashing#769

Merged
seapagan merged 4 commits into
mainfrom
update-api-key-hashing
Aug 10, 2025
Merged

feat: implement HMAC-SHA256 for API key hashing#769
seapagan merged 4 commits into
mainfrom
update-api-key-hashing

Conversation

@seapagan
Copy link
Copy Markdown
Owner

@seapagan seapagan commented Aug 10, 2025
edited
Loading

This uses the existing secret key (used in JWT) and is more secure than the original plain SHA256.

Note that this will invalidate any existing API keys which will need to be deleted and regenerated.

@seapagan
feat: implement HMAC-SHA256 for API key hashing and add corresponding…
7c28e02 
… tests

Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan seapagan self-assigned this Aug 10, 2025
@seapagan seapagan added the enhancement New feature or request label Aug 10, 2025
github-advanced-security[bot]
github-advanced-security AI found potential problems Aug 10, 2025
View reviewed changes
Comment thread app/managers/api_key.py Dismissed
@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented Aug 10, 2025

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.00% (target: -1.00%) 100.00%
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (00b0c8a) 1534 1534 100.00%
Head commit (7c28e02) 1537 (+3) 1537 (+3) 100.00% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#769) 4 4 100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented Aug 10, 2025
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.00% (target: -1.00%) 100.00%
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (00b0c8a) 1534 1534 100.00%
Head commit (63cebcc) 1537 (+3) 1537 (+3) 100.00% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#769) 4 4 100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@seapagan
ignore the codeql error - it will be secure d/t entropy and HMAC
79014ce 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan seapagan added breaking and removed enhancement New feature or request labels Aug 10, 2025
@seapagan
docs: note the breaking change in this PR
9a3f05e 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan
docs: remove placeholder for breaking changes in 0.7.1
63cebcc 
Signed-off-by: Grant Ramsay <seapagan@gmail.com>
@seapagan seapagan merged commit 77f5cd9 into main Aug 10, 2025
16 checks passed
@seapagan seapagan deleted the update-api-key-hashing branch August 10, 2025 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@seapagan seapagan

Labels

breaking

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@seapagan @github-advanced-security