You pretty much have to assume someone is going to put sensitive data in an input like this. Encryption by default is the only sensible choice.
You pretty much have to assume someone is going to put sensitive data in an input like this. Encryption by default is the only sensible choice.
But the encrypted API key doesn't work, it needs to be decrypted first. Let's give the server access to the private key so it can decrypt the API key. We can do this by putting the private key in an env var. But now the private key is unencrypted. Ah, it doesn't work.