Store key_prefix for readable key display instead of masked hash

The last-4 of the SHA-256 hash was meaningless for identification. Now storing the first 12 chars of the plaintext key as key_prefix, displayed as 'sk-aBcDeFgH••••••••' — consistent with what the user sees at creation time and how GitHub/OpenAI handle it.
2026-04-28 10:23:37 +02:00 · 2026-04-28 10:23:37 +02:00 · c62cafc202
commit c62cafc202
parent 94368670b7
4 changed files with 5 additions and 2 deletions
--- a/backend/crud.py
+++ b/backend/crud.py
@ -40,6 +40,7 @@ def create_api_key(
    db_key = APIKey(
        name=name,
        key=_hash_api_key(raw_key),
+        key_prefix=raw_key[:12],
        expires_at=expires_at,
        daily_tokens=daily_tokens,
        monthly_tokens=monthly_tokens,
--- a/backend/models.py
+++ b/backend/models.py
@ -10,6 +10,7 @@ class APIKey(Base):
    id = Column(Integer, primary_key=True, index=True)
    name = Column(String)
    key = Column(String, unique=True, index=True)
+    key_prefix = Column(String)
    is_active = Column(Boolean, default=True)
    created_at = Column(DateTime(timezone=True), default=_now)
    expires_at = Column(DateTime(timezone=True), nullable=True)
--- a/backend/schemas.py
+++ b/backend/schemas.py
@ -14,6 +14,7 @@ class APIKey(BaseModel):
    id: int
    name: str
    key: str
+    key_prefix: Optional[str] = None
    is_active: bool
    created_at: datetime
    expires_at: Optional[datetime] = None
--- a/frontend/src/main.jsx
+++ b/frontend/src/main.jsx
@ -3,7 +3,7 @@ import ReactDOM from 'react-dom/client';
 import axios from 'axios';
 import './styles.css';

-const maskKey = (key) => `••••••••${key.slice(-4)}`;
+const displayKey = (prefix) => prefix ? `${prefix}••••••••` : '••••••••••••';

 function authHeaders(token) {
  return { Authorization: `Bearer ${token}` };
@ -298,7 +298,7 @@ function App() {
              <tr key={key.id}>
                <td>{key.id}</td>
                <td>{key.name}</td>
-                <td>{maskKey(key.key)}</td>
+                <td>{displayKey(key.key_prefix)}</td>
                <td>{key.is_active ? 'Aktiv' : 'Inaktiv'}</td>
                <td>{key.expires_at ? new Date(key.expires_at).toLocaleDateString('de-DE', { timeZone: 'Europe/Berlin' }) : '∞'}</td>
                <td>{key.daily_tokens ?? '∞'}</td>