home/coding/api-key-management

Api Key Management

GPTClaudeDeepSeek··1,236 copies·updated 2026-07-14
api-key-management.prompt
# API Key Management System

## Objective

Design and implement a secure API key management system with validation, rotation, and rate limiting. The system must use consistent camelCase naming (`apiKey`) throughout the codebase to prevent parsing errors and maintain code consistency.

---

## Core Security Requirements

### Mandatory Standards

1. **Naming Convention**: Use `apiKey` (camelCase) consistently across all code, configs, and databases
2. **Encryption**: Store API keys encrypted at rest using AES-256-GCM
3. **Hashing**: Hash API keys before storage (never store plaintext)
4. **Rotation**: Implement automatic key rotation every 90 days
5. **Scoping**: Support granular permissions per API key
6. **Rate Limiting**: Enforce per-key rate limits
7. **Audit Logging**: Log all API key usage and changes

---

## Technology Stack

- **Backend**: Node.js with TypeScript or Go
- **Database**: PostgreSQL for key metadata, Redis for rate limiting
- **Encryption**: crypto (Node.js) or crypto/aes (Go)
- **Hashing**: bcrypt or argon2
- **Cache**: Redis for fast key validation

---

## Database Schema

when to use it

Community prompt sourced from the open-source GitHub repo Dziqha/awesome-agentic-coding-prompts (MIT). A "Api Key Management" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.

tags

codingcommunitydeveloper

source

Dziqha/awesome-agentic-coding-prompts · MIT