fix(chapter-22): derive API-key encryption keys with HKDF salts
Chapter: 22 - User API key protection. Plain-English map: Replace static SHA-256 key derivation with HKDF and a unique salt per stored user API key row. Why it matters: Users may store real provider keys in Mike. Those keys deserve standard, reviewable cryptography instead of one shared derived key for every row. Principle: Use established key-derivation functions and per-record salts for encrypted secrets. Precedent borrowed: Upstream PR #76. Upstream base: willchen96/mike@d39f580. Original local commit: e0a64bd.
| Repository | amal66/mike |
|---|---|
| Author | Amal <mamalanand3@gmail.com> |
| Authored | |
| Parents | bb249e0f |
| Stats | 2 files changed , +58 , -5 |
| Part of | Config validation and secret handling |
Capture this commit into my fork
Download a Markdown prompt that tells Claude how to port this
exact commit into your working tree. Run it via
claude -p < capture-commit-5762ee71.md
from inside the repo you want the change in.