Replies: 3 comments 2 replies
-
|
Yes, API keys are stored in the browser's local storage under the key However, storing API keys in local storage poses security risks, as they can be accessed by malicious scripts or users with access to the local storage. The code includes a comment To continue talking to Dosu, mention @dosu. Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other |
Beta Was this translation helpful? Give feedback.
-
|
I suggest following best practices and avoiding storing any sensitive data on the client side, even if it's encrypted. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @Clasyc, Thank you for your feedback! In the OSS version, API keys are currently stored in the browser's local storage. However, in our Cloud version, they are securely stored in an encrypted vault. That said, we recognize the importance of securing API keys, and introducing a Vault for the OSS version is already part of our current sprint. This will ensure that API keys are encrypted for better security. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @aybruhm ! A small addition, the vault would be in this case saved on server side. We hope to release the changes to OSS in the next couple of weeks. |
Beta Was this translation helpful? Give feedback.
-
|
Marking this discussion as resolved. Please feel free to reopen it if anything remains unclear. |
Beta Was this translation helpful? Give feedback.
-
Is there any reason why all API tokens are stored in the browser's local storage? Thats seems really odd approach...
Beta Was this translation helpful? Give feedback.
All reactions