cfangmeier / tuijam

A fancy TUI client for Google Play Music
MIT License

Better Protection of API keys #37

Closed cfangmeier closed 5 years ago

cfangmeier commented 5 years ago

Currently, the LastFM and Youtube API keys are stored in the code in plain text. This makes them pretty vulnerable to being yanked out, resulting in other parties impersonating the TUIJam app. This also means that if I ever have to revoke either of the keys, everyone's current installation will stop working.

This is a bit of a tricky problem because the client actually needs to have the API keys to work, so one can't just keep the keys secret. A pretty good compromise would be to use a solution similar to this project.

Basically, I would run a little app on a server that would serve the API keys to the app at runtime. This at least would prevent the keys from leaking through just scraping Github, and I could freely swap out the keys in the future if necessary.

I think it would also be a good idea to support having API keys in a config file in case I disappear and the server goes down so motivated users could create their own keys and place them in their config.

cfangmeier commented 5 years ago

74eff44 introduces an implementation of this. Still to be done is to preempt the remote fetch if keys are in the config file, and to (after a reasonable amount of time) revoke the "leaked" keys that are in the repo history.

t1meshift commented 5 years ago

That's great! Have you revoked the previous keys since they can be still found in git history? Also, isn't Flask a little heavy to just fetch keys from a server?

cfangmeier commented 5 years ago

Have you revoked the previous keys since they can be still found in git history?

Not yet, I want to finish the feature and have it pushed out for a couple weeks to give people time to upgrade before I revoke the old keys.

Also, isn't Flask a little heavy to just fetch keys from a server?

requests is used to fetch the keys. I used flask in my example server because it was easy for me to deploy on my server (already have a couple flask apps). A different server wouldn't have to use flask, it just needs to receive a POST with some json and reply with the keys, also in json.
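The flow discussed in this thread (keys in the user's config take precedence; otherwise the client POSTs JSON to a key server and reads the keys back as JSON), written out as an added example that is not the project's own code. The server URL, the config layout, the payload fields and the reply shape are assumptions; it uses the standard library instead of requests so it runs stand-alone.

```python
"""Config-first API key loading with a remote JSON fallback (added example)."""
import json
import urllib.request

KEY_SERVER_URL = "https://example.invalid/tuijam/keys"  # placeholder, not the real server
REQUIRED_KEYS = ("lastfm", "youtube")  # assumed key names


def keys_from_config(config):
    """Return the keys if the user put a complete set in their config, else None."""
    section = config.get("api_keys") or {}
    if all(section.get(name) for name in REQUIRED_KEYS):
        return {name: section[name] for name in REQUIRED_KEYS}
    return None


def post_json(url, payload, timeout=5):
    """POST a JSON body and decode the JSON reply (stdlib stand-in for requests.post)."""
    data = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(url, data=data, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def keys_from_server(app_version, url=KEY_SERVER_URL, post=post_json):
    """Ask the key server for the current keys and check the reply is complete."""
    reply = post(url, {"app": "tuijam", "version": app_version})  # assumed payload
    missing = [name for name in REQUIRED_KEYS if not reply.get(name)]
    if missing:
        raise ValueError("key server reply missing: " + ", ".join(missing))
    return {name: reply[name] for name in REQUIRED_KEYS}


def load_api_keys(config, app_version, post=post_json):
    """Config keys win, so a user-supplied set keeps working if the server goes away.

    Returns (keys, source) where source is "config" or "server"."""
    local = keys_from_config(config)
    if local is not None:
        return local, "config"
    return keys_from_server(app_version, post=post), "server"


if __name__ == "__main__":
    # Constructed sample: a fake key server standing in for the real one.
    def fake_post(url, payload):
        return {"lastfm": "LFM-sample", "youtube": "YT-sample"}

    print(load_api_keys({}, "0.5.0", post=fake_post))
    print(load_api_keys({"api_keys": {"lastfm": "a", "youtube": "b"}}, "0.5.0", post=fake_post))
```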

cfangmeier commented 5 years ago

Version 0.5.0 finishes the implementation of this feature.