API Key is displayed in plain text in log file

This may be a regression of this issue.

When an Admin created an API key, the key hash is displayed in plain text in Admin > Logs and viewable by me (moderator). While most users won’t have access to the Admin > Logs, I’d still expect values like that to be further restricted.

Maybe induct an extra permission that one needs to be able to see this in plain text

The key hash is not the API key.

3 Likes

Yep. We just did a quick test on latest tests-passed and everything looks fine. You will see the truncated key and the key hash, but the actual API key is not visible in the logs.

2 Likes

This topic was automatically closed after 24 hours. New replies are no longer allowed.