Switch to IAppConfig, declare api key as sensitive

nextcloud / integration_openstreetmap

OpenStreetMap integration in Nextcloud

GNU Affero General Public License v3.0

6 stars 0 forks source link

Switch to IAppConfig, declare api key as sensitive #11

Closed julien-nc closed 1 month ago

marcelklehr commented 1 month ago

Should we add a migration to encrypt the existing value?

julien-nc commented 1 month ago

@marcelklehr AppConfig encrypts values marked as sensitive.

marcelklehr commented 1 month ago

Right, but as-is, these changes only introduce the encryption for the app once the setting is changed if it's already installed, no?

julien-nc commented 1 month ago

I'll add a migration step. I made it like that because the API key is not so sensitive as it is necessarily exposed to the frontend. Also the maptiler API keys can be restricted to a specific "Origin" so it's not that bad if they leak.

But yeah, better be clean and consistent. I'll add a migration step in this PR.

julien-nc commented 1 month ago

Done in a second commit.