Issue
Hi. As with any other secrets, they should be able to be changed or deleted to prevent security leakages. I don't see any function to delete an existing API key if that key has been leaked to the public.
In particular, I am commenting about the API key provided by api.congress.gov. A duplicate issue can be found on their GitHub page
Proposed solution 1
A simple way to resolve this is to create an input box taking in the API key given by the user. The backend will then query the database and delete the API key from usage so it can't be used anymore
Proposed solution 2
Another way is to have an expiration for each API key produced, either as a static value or a user-given value
Issue Hi. As with any other secrets, they should be able to be changed or deleted to prevent security leakages. I don't see any function to delete an existing API key if that key has been leaked to the public.
In particular, I am commenting about the API key provided by api.congress.gov. A duplicate issue can be found on their GitHub page
Proposed solution 1 A simple way to resolve this is to create an input box taking in the API key given by the user. The backend will then query the database and delete the API key from usage so it can't be used anymore
Proposed solution 2 Another way is to have an expiration for each API key produced, either as a static value or a user-given value