()
| 8 | const logger = createLogger('ApiKeyCrypto') |
| 9 | |
| 10 | function getApiEncryptionKey(): Buffer | null { |
| 11 | const key = env.API_ENCRYPTION_KEY |
| 12 | if (!key) { |
| 13 | logger.warn( |
| 14 | 'API_ENCRYPTION_KEY not set - API keys will be stored in plain text. Consider setting this for better security.' |
| 15 | ) |
| 16 | return null |
| 17 | } |
| 18 | if (key.length !== 64) { |
| 19 | throw new Error('API_ENCRYPTION_KEY must be a 64-character hex string (32 bytes)') |
| 20 | } |
| 21 | return Buffer.from(key, 'hex') |
| 22 | } |
| 23 | |
| 24 | /** |
| 25 | * Encrypts an API key using the dedicated API encryption key. Falls back to |
no test coverage detected