Storing customer API keys
I am taking part in Theo's challenge, and now I have the issue that I need to store the LLM keys in a database. How do I do that securely? My only auth means is rn GitHub OAuth.
4 Replies
I don’t want to store any user information at all on my db so I ripped out NextAuth from t3-stack and went for Clerk and will be using privateMetadata to store the API keys. Can’t leak data if I don’t have it. Do you NEED to store the keys in your own db?
for some of my features sadly yes
Fair enough. I am not a security guru by any stretch but I tend to look toward OWASP when I have questions about security. I would recommend reading a TON and trying to find people who know their stuff about security.
https://cheatsheetseries.owasp.org/cheatsheets/Database_Security_Cheat_Sheet.html Database Security - OWASP Cheat Sheet Series
This may be more than you are asking for but it’s another data point.
‘More’ meaning it’s a lot of lower-level details that a database host would likely already be doing. But it looks like there could be some relevant stuff in there.