refactor: tie API keys to orgs instead of users #2813

skeptrunedev · 2024-11-20T19:33:35Z

Description

Currently, API keys are only tied to users such that you cannot see any API keys which you did not create. This has some downsides.

if an API key leaks and needs to be deleted when the owner is out of office then another user in the org cannot delete it
if there's a bug and requests aren't working then it's important that other members of the org can see it exists
if someone leaves an org and their account is deleted then all requests using their keys will stop working

Migrating to a model where API keys are tied to orgs instead of users will mitigate these issues. Cookie based authentication should be required to create API keys for an org and all API keys which are created need to belong to an org.

Functionality for existing API keys which are tied to users cannot break, but need to be somehow demarcated as "legacy".

Target(s)

server,dashboard

Community channels

Matrix is preferred. Reach out on discord or Matrix for further assistance.

The text was updated successfully, but these errors were encountered:

skeptrunedev added feature New feature or request high priority server rust dashboard labels Nov 20, 2024

skeptrunedev assigned skeptrunedev, densumesh, cdxker and drew-harris Nov 20, 2024

cdxker unassigned skeptrunedev, cdxker and drew-harris Nov 21, 2024

densumesh linked a pull request Nov 22, 2024 that will close this issue

feature: scope api keys to orgs #2833

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: tie API keys to orgs instead of users #2813

refactor: tie API keys to orgs instead of users #2813

skeptrunedev commented Nov 20, 2024

refactor: tie API keys to orgs instead of users #2813

refactor: tie API keys to orgs instead of users #2813

Comments

skeptrunedev commented Nov 20, 2024

Description

Target(s)

Community channels