Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-20 10:20:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fix(crypto): update key and IV to use environment variables for enhanced security

Browse source
This commit is contained in:
Danny Avila 2025-05-30 14:45:09 -04:00
parent ad6716f6ef
commit 4fea3d4274
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/server/utils/crypto.js
View file

@ -3,8 +3,8 @@ const crypto = require('node:crypto');
const { webcrypto } = crypto;
// Use hex decoding for both key and IV for legacy methods.
const key = Buffer.from('f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0', 'hex');
const iv = Buffer.from('e2341419ec3dd3d19b13a1a87fafcbfb', 'hex');
const key = Buffer.from(process.env.CREDS_KEY, 'hex');
const iv = Buffer.from(process.env.CREDS_IV, 'hex');
const algorithm = 'AES-CBC';
// --- Legacy v1/v2 Setup: AES-CBC with fixed key and IV ---