From 4fea3d42749dcea054d5000b5e05996ccb7c04a4 Mon Sep 17 00:00:00 2001
From: Danny Avila <danny@librechat.ai>
Date: Fri, 30 May 2025 14:45:09 -0400
Subject: [PATCH] fix(crypto): update key and IV to use environment variables
 for enhanced security

---
 api/server/utils/crypto.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/server/utils/crypto.js b/api/server/utils/crypto.js
index 883129238c..2f176fedee 100644
--- a/api/server/utils/crypto.js
+++ b/api/server/utils/crypto.js
@@ -3,8 +3,8 @@ const crypto = require('node:crypto');
 const { webcrypto } = crypto;
 
 // Use hex decoding for both key and IV for legacy methods.
-const key = Buffer.from('f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0', 'hex');
-const iv = Buffer.from('e2341419ec3dd3d19b13a1a87fafcbfb', 'hex');
+const key = Buffer.from(process.env.CREDS_KEY, 'hex');
+const iv = Buffer.from(process.env.CREDS_IV, 'hex');
 const algorithm = 'AES-CBC';
 
 // --- Legacy v1/v2 Setup: AES-CBC with fixed key and IV ---