[security] api_key_manager.py stores encryption key in plaintext .key file with no file permissions #706

New issue

Closed

opened 2026-06-02 23:56:44 +02:00 by sleepy · 0 comments

sleepy commented 2026-06-02 23:56:44 +02:00

Owner

Copy link

File: src/api_key_manager.py

Problems:

1. No file permissions on the encryption key file (line 19): The .key file containing the Fernet encryption key is written with default permissions. No os.chmod(path, 0o600) or safe_chmod() call. Any user on the system can read the encryption key, making the encryption worthless.

2. No integrity verification (line 14): The key file is read blindly with no length/format validation. A truncated or corrupted key file silently produces a Fernet instance that can't decrypt existing data.

3. Plaintext encryption key at rest: The Fernet key itself is stored as raw bytes in .key. Compare with integrations.py which uses core.atomic_io and safe_chmod for its data file. The key file should have the same protection.

4. load() decrypts all keys on every call (lines 44–53): load() decrypts every stored API key and returns them as a dict. Callers get plaintext keys in memory. No access logging or audit trail.

Fix:

• Call safe_chmod(key_file, 0o600) after writing the key
• Validate key file size/content before use
• Consider using the project's existing secret_storage module instead of a standalone Fernet instance

**File:** `src/api_key_manager.py` **Problems:** 1. **No file permissions on the encryption key file** (line 19): The `.key` file containing the Fernet encryption key is written with default permissions. No `os.chmod(path, 0o600)` or `safe_chmod()` call. Any user on the system can read the encryption key, making the encryption worthless. 2. **No integrity verification** (line 14): The key file is read blindly with no length/format validation. A truncated or corrupted key file silently produces a Fernet instance that can't decrypt existing data. 3. **Plaintext encryption key at rest**: The Fernet key itself is stored as raw bytes in `.key`. Compare with `integrations.py` which uses `core.atomic_io` and `safe_chmod` for its data file. The key file should have the same protection. 4. **`load()` decrypts all keys on every call** (lines 44–53): `load()` decrypts every stored API key and returns them as a dict. Callers get plaintext keys in memory. No access logging or audit trail. **Fix:** - Call `safe_chmod(key_file, 0o600)` after writing the key - Validate key file size/content before use - Consider using the project's existing `secret_storage` module instead of a standalone Fernet instance

sleepy referenced this issue from a commit 2026-06-03 15:59:01 +02:00

fix: secure .key file permissions and add integrity validation

sleepy referenced this issue from a pull request that will close it, 2026-06-03 16:00:12 +02:00

fix: secure .key file permissions and add integrity validation (#706) #803

sleepy closed this issue 2026-06-03 16:00:46 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dev

fix/effective-mode-undefined

fix/async-generator-500

refactor/split-small-routes-779

refactor/split-session-routes-778

refactor/split-llm-core-700

refactor/split-chat-routes-724

refactor/split-model-routes-701

refactor/split-skills-routes-777

refactor/split-document-routes-769

refactor/split-ai-interaction-722

refactor/split-cookbook-routes-775

refactor/split-builtin-actions-723

refactor/split-task-scheduler-774

refactor/tool-execution-split-667

fix/rag-health-coordinator-756

fix/agent-core-missing-round-loop

fix/rag-health-check-756

fix/missing-readmes-782

fix/search-files-split-772

fix/dedup-search-impl-771

fix/mcp-integrations-split-781

fix/cookbook-helpers-split-785

fix/search-cross-feature-776

fix/graceful-llm-degradation-770

fix/dedup-research-handler-773

fix/cross-route-coupling-780

fix/skills-typed-request-762

fix/chat-stream-pydantic-731

fix/chat-handler-imports-737

fix/public-llm-exports-730

fix/dedup-search-content-784

fix/dedup-stream-parse-735

fix/stream-error-boundary-734

fix/typed-event-names-786

fix/dedup-js-utilities-792

fix/skills-index-lookup-761

fix/xss-charname-innerhtml-788

fix/coderunner-document-write-789

fix/ai-interaction-thread-safety-729

fix/client-side-api-key-regex-793

fix/dead-loadingtext-796

fix/active-streams-eviction-736

fix/builtin-actions-sqlite-orm-732

fix/llm-core-thread-safety-709

fix/singleton-thread-safety-768

fix/video-upload-multimodal-826

fix/mic-button-audio-825

fix/multimodal-capabilities-827

fix/dedup-system-msg-717

fix/service-dead-calls-750

fix/db-session-context-manager-757

fix/dedup-llmconfig-710

fix/keyword-lists-764-v2

fix/keyword-lists-764

fix/llm-cache-ttl-708

fix/validate-config-711

fix/totp-constant-time-689

fix/admin-tools-constant-681

fix/dedup-truncate-670

fix/threadsafe-extractions-audit-754

fix/dedup-json-io-767

fix/695-deduplicate-admin-check

fix/upload-auth-dedup-765

fix/705-deduplicate-network-constants

fix/deduplicate-chunking-749

fix/760-deduplicate-embed

fix/dedup-validation-759

fix/748-deduplicate-tokenization

fix/add-readmes-728-742-782

fix/key-file-permissions-706

fix/embedding-retry-766

fix/deterministic-doc-ids-753

fix/search-facade-783

fix/remove-dead-memory-746

fix/remove-rag-manager-747

fix/dead-docstring-763

refactor/split-tool-schemas-666

refactor/split-agent-loop-664

refactor/split-tool-implementations-665

fix/mark-stopped-500-663

fix/streamingtts-scope-662

fix/code-block-tool-parsing-661

No results found.

Labels

Clear labels   

area:chat

  

area:core

  

area:llm

  

area:routes

  

area:tools

  

bug

Something isn't working

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

refactor

  

wontfix

This will not be worked on

No labels

area:chat

area:core

area:llm

area:routes

area:tools

bug

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

refactor

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

sleepy/odysseus#706

No description provided.