Tag: Api Key
Problems related to API keys, such as missing, invalid, or expired credentials
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0034 Medium Impact: 6/10 Mitigation: 2/10 | Datadog agent disabled due to missing API key | If the Datadog agent or client libraries do not detect a configured API key, they will skip sending metrics, logs, and events. This results in a silent failure of observability reporting, often visible only through startup log messages. | Observability Problems | agent | DatadogConfigurationApi KeyObservabilityEnvironmentTelemetryKnown IssuePublic |
| CRE-2025-0131 High Impact: 10/10 Mitigation: 4/10 | Supabase Self-Hosted: JWT Secret Missing or Invalid Configuration | Detects when Supabase self-hosted services fail due to missing, empty, or invalid JWT_SECRET configuration. This affects Auth service, REST API, and all authentication-dependent operations. Invalid JWT secrets prevent API token validation and break the entire authentication flow. | authentication | supabase | SupabaseAuthenticationJWTConfigurationSecurityApi KeySelf-HostedPublic |
| CRE-2025-0133 Medium Impact: 7/10 Mitigation: 4/10 | Supabase Self-Hosted: Storage Service Fails Due to S3 Misconfiguration | Detects when Supabase Storage service fails due to incorrect S3 configuration including invalid credentials, non-existent buckets, or wrong S3 endpoint settings. This affects file upload/download operations and prevents the storage API from functioning properly. | Storage | storage | SupabaseStorageS3AWSConfigurationApi KeySelf-HostedInfrastructurePublic |