[Feature] local API key #115
Replies: 3 comments
-
There was an idea from another user about "friendly names" for albums/people so they didn't have to copy/paste long IDs. Something similar could work here. So in the config file

immich_api_key:
- dave: KEY
- jo: KEY

Then in the url

Obviously the album and person data sources in the config wouldn't work for all users so they would need adding to the url.
-
I like the idea, but it would require admin interaction. Users on the server would need to create their API key and send it to the admin, who then has to update the config. It would also make it a lot easier for the users to use a key for sure. But does it make brute forcing into albums easier too?
-
Valid point. It would require some admin support. As for brute forcing albums. It's not a secure method of keeping API keys hidden from your users, or rather the resources they represent access to.
-
I have searched the existing feature requests to make sure this is not a duplicate request.
The feature
My immich-app is used by multiple users. Currently I can only use a single API key for an immich-kiosk installation, because it is a static value in the config.yaml. So I'd need multiple installations to provide kiosks for my users.

Providing the API key in the URL might be problematic (just as with the password), but I wonder if there could be a modal window on the first connect asking for an API key if none is provided in the config. The specified key could then be stored as a local cookie for further connects.
Caveat: It's still being transferred over the network, so you at least should use HTTPS to the kiosk and between the kiosk and immich-app services.
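The flow proposed in the post above (key from config.yaml if set, otherwise a prompt whose answer is kept in a cookie, accepted over HTTPS only), written out as an added example that is not part of the original discussion or the immich-kiosk code base. The cookie name, the `api_key` form field, the 30-day lifetime and the `kiosk.example` host are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const cookieName = "kiosk_api_key" // hypothetical cookie name
// resolveKey prefers the config.yaml key, then the cookie; prompt=true means "show the modal".
func resolveKey(configKey string, r *http.Request) (key string, prompt bool) {
	if configKey != "" {
		return configKey, false
	}
	if c, err := r.Cookie(cookieName); err == nil && c.Value != "" {
		return c.Value, false
	}
	return "", true
}

// storeKey handles the modal's form POST (hypothetical field "api_key"). r.TLS is only set
// when this process terminates TLS; behind a reverse proxy use the proxy's signal instead.
func storeKey(w http.ResponseWriter, r *http.Request) {
	key := r.PostFormValue("api_key")
	if r.Method != http.MethodPost || r.TLS == nil || key == "" {
		http.Error(w, "POST over HTTPS with api_key required", http.StatusBadRequest)
		return
	}
	http.SetCookie(w, &http.Cookie{
		Name: cookieName, Value: key, Path: "/", MaxAge: 30 * 24 * 3600, // assumed 30 days
		Secure:   true,                    // never sent over plain HTTP
		HttpOnly: true,                    // not readable by page scripts
		SameSite: http.SameSiteStrictMode, // not sent on cross-site requests
	})
	w.WriteHeader(http.StatusNoContent)
}

func post(target, key string) *http.Request { // constructed form submission
	r := httptest.NewRequest(http.MethodPost, target, strings.NewReader("api_key="+key))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return r
}

func main() {
	rec := httptest.NewRecorder()
	storeKey(rec, post("https://kiosk.example/key", "CONSTRUCTED-KEY"))
	fmt.Println(rec.Code, rec.Header().Get("Set-Cookie"))
}
```

`HttpOnly` keeps the key away from page scripts, but anyone with access to the browser profile on the kiosk device can still read the cookie.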