fix: update encryption key retrieval to use only USER_API_KEYS_ENCRYPTION_SECRET

✅ merged · #137 · willchen96/mike ← willchen96/mike · opened 24d ago by willchen96 · merged 24d ago by willchen96 · self · +2-5 across 1 file

From the PR description

Summary

Require USER_API_KEYS_ENCRYPTION_SECRET for stored user API key encryption.

Changes

  • Removed fallback to API_KEYS_ENCRYPTION_SECRET.
  • Removed fallback to SUPABASE_SECRET_KEY.
  • Updated the runtime error to explicitly require USER_API_KEYS_ENCRYPTION_SECRET.

Why

Stored user API keys should be encrypted with a dedicated secret only. Falling back to the Supabase service role key couples unrelated secrets and makes rotation/deployment behavior harder to reason about.

Testing

  • npm run build --prefix backend passes in the private repo.
  • OSS backend build was blocked by missing local type packages in open-source-export/backend: @types/cors, @types/express, @types/multer.

Our analysis

Require a dedicated secret for user API key encryption.
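
The coupling the PR description calls out can be seen in a small added example, which is not code from the PR or the project: a stored key encrypted under the fallback chain stops decrypting once the Supabase key is rotated, while the strict lookup is unaffected. The function names, the fallback order, the error wording, the HKDF/AES-256-GCM scheme and all sample values are assumptions made for the illustration.

```javascript
// Added illustration: names, cipher choice and sample values are constructed, not the project's code.
const crypto = require("node:crypto");

// "Before": fallback chain named in the PR's Changes list (order assumed).
function resolveSecretWithFallback(env) {
  return env.USER_API_KEYS_ENCRYPTION_SECRET
    || env.API_KEYS_ENCRYPTION_SECRET
    || env.SUPABASE_SECRET_KEY;
}

// "After": only the dedicated secret is accepted; fail closed when it is missing.
function resolveSecretStrict(env) {
  const secret = env.USER_API_KEYS_ENCRYPTION_SECRET;
  if (!secret) throw new Error("USER_API_KEYS_ENCRYPTION_SECRET is required"); // wording assumed
  return secret;
}

// Assumed scheme for the demo: HKDF-SHA256 to a 32-byte key, then AES-256-GCM.
const deriveKey = (secret) =>
  Buffer.from(crypto.hkdfSync("sha256", secret, "", "user-api-keys", 32));

function encrypt(secret, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // layout: iv | tag | ciphertext
}

function decrypt(secret, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(secret), blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString("utf8");
}

// True if a user key stored before a Supabase key rotation still decrypts afterwards.
function survivesSupabaseRotation(resolve, envBefore) {
  const stored = encrypt(resolve(envBefore), "sk-constructed-user-key");
  const envAfter = { ...envBefore, SUPABASE_SECRET_KEY: "rotated-supabase-key" };
  try {
    return decrypt(resolve(envAfter), stored) === "sk-constructed-user-key";
  } catch {
    return false; // GCM tag check fails because the derived key changed
  }
}
```

A deployment that only ever set SUPABASE_SECRET_KEY has existing ciphertexts bound to that value, so they need re-encryption under the dedicated secret before the fallback is removed.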


Commits in this PR (1)

SHA | Subject | Author | Date
b4ba2742 | fix: update encryption key retrieval to use only USER_API_KEYS_ENCRYPTION_SECRET; remove supabase secret key fallback | willchen96 | 2026-05-16
