https://terminal.space/tag/security/ Recent content in Security on sugar, spice, &terminal? nice Hugo en Sun, 27 Aug 2023 02:06:05 +0000 https://terminal.space/tech/easy-secure-api-keys/ Sun, 27 Aug 2023 02:06:05 +0000 https://terminal.space/tech/easy-secure-api-keys/ <figure><img src="https://terminal.space/tech/easy-secure-api-keys/images/christian-lendl-ZyttGSu-o2E-unsplash.jpg"> </figure> <p>I needed to add API key authentication to our work environment. I needed:</p> <ul> <li>To develop the functionality quickly</li> <li>Be confident in the security of the system <ul> <li>API keys should only be visible once when created</li> <li>Should be hard to impersonate other users/be resilient to DB leak</li> </ul> </li> <li>Have an upgrade path for when we want to change/improve things</li> <li>Performance isn&rsquo;t a huge consideration</li> </ul> <p>I was able to use JWT tokens in a slightly clever way to make this happen. The best part is, there are no stored secrets on the server side. All of the server data could be revealed publicly without compromising the security. Here&rsquo;s how:</p>