chronark
commented
1 year ago Hey @talentlessguy
We are never storing the keys themselves, we generate it and pass it to you and you should not store it either but give it to your user.
For key management each key has a unique id, which you can use to update its properties or delete, but the key id can never be used to verify the key itself.
We use planetscale as database provider and only store a sha256 hash of the key as reference. When you ask unkey to verify a key, we hash it and compare it to the hash in the db.
Hope that answers your concerns, let me know if I can help you any further
talentlessguy
Hi, I would like to use Unkey in my project but I have a few questions regarding security.