I was implementing some improved LDAP stuff and one thing led to another… So short question, do any of the official integrations every read the API key in the config.xml? @canton7 @Nutomic @kozec @AudriusButkevicius @Catfriend1 @jerryjacobs
The reason I’m asking is that I ended up having to implement encrypting secrets in the config (because we would be storing a sensitive LDAP bind password). This should then naturally also cover the API key.
The key would still be available through the GUI and API, just not by eyeballing the config.xml…
I’m hoping the integrations do it the other way and set their own API key via the environment before startup… (Or have the user enter it manually, which would work equally well after this change as the user can still see it in the GUI.)