Skip to content

Store API key in Firestore instead of localStorage#2

Merged
phillsatellite merged 2 commits into
mainfrom
feature/secure-api-key-storage
Mar 4, 2026
Merged

Store API key in Firestore instead of localStorage#2
phillsatellite merged 2 commits into
mainfrom
feature/secure-api-key-storage

Conversation

@phillsatellite

@phillsatellite phillsatellite commented Mar 4, 2026

Copy link
Copy Markdown
Owner

Summary

  • Replace localStorage-based API key storage with Firestore (users/{uid}.apiKey)
  • On login, fetch API key from Firestore; on submit, save via setDoc with merge
  • Cypress mock flow still uses localStorage (no real Firebase in tests)
  • Requires Firestore security rules to restrict access to own user document

Test plan

  • Sign in and enter an API key — verify it saves to Firestore (users/{uid})
  • Sign out and sign back in — verify key is loaded from Firestore
  • Check browser DevTools Storage tab — no sidekick_apikey_* in localStorage
  • Set Firestore security rules and verify another user cannot read the key
  • Run Cypress E2E tests

Replace localStorage-based API key persistence with Firestore. On login,
the key is fetched from the user's Firestore document. On submit, it is
saved via setDoc with merge. Cypress mock flow still uses localStorage.
The API key is now stored in Firestore, not localStorage. Update the test
to verify the main app renders correctly after key submission.
@phillsatellite phillsatellite merged commit cfaf0a0 into main Mar 4, 2026
1 check passed
@phillsatellite phillsatellite deleted the feature/secure-api-key-storage branch March 4, 2026 02:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant