Api Key Management
# API Key Management System
## Objective
Design and implement a secure API key management system with validation, rotation, and rate limiting. The system must use consistent camelCase naming (`apiKey`) throughout the codebase to prevent parsing errors and maintain code consistency.
---
## Core Security Requirements
### Mandatory Standards
1. **Naming Convention**: Use `apiKey` (camelCase) consistently across all code, configs, and databases
2. **Encryption**: Store API keys encrypted at rest using AES-256-GCM
3. **Hashing**: Hash API keys before storage (never store plaintext)
4. **Rotation**: Implement automatic key rotation every 90 days
5. **Scoping**: Support granular permissions per API key
6. **Rate Limiting**: Enforce per-key rate limits
7. **Audit Logging**: Log all API key usage and changes
---
## Technology Stack
- **Backend**: Node.js with TypeScript or Go
- **Database**: PostgreSQL for key metadata, Redis for rate limiting
- **Encryption**: crypto (Node.js) or crypto/aes (Go)
- **Hashing**: bcrypt or argon2
- **Cache**: Redis for fast key validation
---
## Database Schemawhen to use it
Community prompt sourced from the open-source GitHub repo Dziqha/awesome-agentic-coding-prompts (MIT). A "Api Key Management" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
codingcommunitydeveloper
source
Dziqha/awesome-agentic-coding-prompts · MIT
more in Coding
Coding✓ tested
Senior code review (strict mode)
senior staff engineer running a merciless but fair review
Coding✓ tested
Debug by hypothesis, not by guessing
debugging partner who forms theories before touching code
Coding✓ tested
Generate tests from described behavior
test engineer who writes tests that would actually catch regressions