You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue
Hi. As with any other secrets, they should be able to be changed or deleted to prevent security leakages. I don't see any function to delete an existing API key if that key has been leaked to the public.
In particular, I am commenting about the API key provided by api.congress.gov. A duplicate issue can be found on their GitHub page
Proposed solution 1
A simple way to resolve this is to create an input box taking in the API key given by the user. The backend will then query the database and delete the API key from usage so it can't be used anymore
Proposed solution 2
Another way is to have an expiration for each API key produced, either as a static value or a user-given value
The text was updated successfully, but these errors were encountered:
Issue
Hi. As with any other secrets, they should be able to be changed or deleted to prevent security leakages. I don't see any function to delete an existing API key if that key has been leaked to the public.
In particular, I am commenting about the API key provided by api.congress.gov. A duplicate issue can be found on their GitHub page
Proposed solution 1
A simple way to resolve this is to create an input box taking in the API key given by the user. The backend will then query the database and delete the API key from usage so it can't be used anymore
Proposed solution 2
Another way is to have an expiration for each API key produced, either as a static value or a user-given value
The text was updated successfully, but these errors were encountered: