opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-06-27 07:31:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
a79bc7d074
dify/web/app/components/develop/secret-key
History
yungle246 a79bc7d074 feat(api): mask secret tokens in api-key list responses (reveal-once) 
Previously the console api-key list returned every key's full plaintext
token, so anyone with console access could retrieve the secret of an
already-created key (via the copy button or the raw API response). This
is contrary to the reveal-once norm.

- List endpoints (app keys, workspace dataset keys, per-dataset keys) now
  return a masked token (prefix + last 4); the full secret is only ever
  returned by the create endpoint, at creation time.
- Frontend secret-key modal displays the masked token as-is and drops the
  copy affordance for existing keys (copying a masked value is pointless).

Applies to both app and dataset keys since they share the modal and the
ApiKeyItem response model.
2026-06-25 14:21:38 +09:00
..
__tests__ feat(api): mask secret tokens in api-key list responses (reveal-once) 2026-06-25 14:21:38 +09:00
assets Fix tts play logic (#2683) 2024-03-05 09:22:36 +08:00
input-copy.tsx refactor: migrate to tailwind v4 style (#36417) 2026-05-20 03:39:44 +00:00
secret-key-button.tsx feat: RBAC (#37107) 2026-06-18 16:35:29 +00:00
secret-key-generate.tsx refactor: migrate to tailwind v4 style (#36417) 2026-05-20 03:39:44 +00:00
secret-key-modal.tsx feat(api): mask secret tokens in api-key list responses (reveal-once) 2026-06-25 14:21:38 +09:00
style.module.css chore: clean up useless tailwind reference (#34478) 2026-04-02 11:45:19 +00:00