Version 0.11.1 Jan 16, 2023
Breaking Change: Hashid Salt Update
Starting with Keila 0.11.1, all entity IDs are created with an updated algorithm.
The following change is only relevant if you are running your own instance of Keila. Users of Keila Cloud don’t have to take any action.
Keila uses Hashids for all entities. Hashid is an algorithm for turning a numerical ID (e.g. 1) into a combination of characters and numbers (e.g. gB0NV05e). You can read more about how Hashids work on hashids.org.
Hashids are not a security mechanism
It’s important to note that Hashids are not a security mechanism. They can be reversed relatively easily. Keila uses them mainly for aesthetic purposes, because numerical IDs might suggest to users a semantic meaning that they don’t have.
What has changed in Keila 0.11.1 and why?
Due to a bug in previous versions, the Hashid salt, which was meant to be unique for each Keila instance, ended up being the same across all installations.
Keila 0.11.1 fixes this and now lets you define your own salt with the HASHID_SALT environment variable. If you don’t configure this variable, a salt will be derived from your SECRET_KEY_BASE.
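The following sketch is an added example, not Keila's code: a simplified Python rendering of the Hashids scheme (single number, no minimum-length padding, non-empty salt) showing that an ID decodes directly once the salt is known, which is why a salt shared by every installation gave no separation between instances. The salts are constructed values, and the output is not guaranteed to match a real Hashids library.

```python
import math

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
SEPS = "cfhistuCFHISTU"                   # separator characters, excluded from the alphabet
SALT_A = "constructed-salt-instance-a"    # constructed sample values, not real salts
SALT_B = "constructed-salt-instance-b"

def _shuffle(chars, salt):
    """Salt-driven shuffle: fully deterministic, no randomness and no secret key."""
    chars, idx, total = list(chars), 0, 0
    for i in range(len(chars) - 1, 0, -1):
        n = ord(salt[idx])
        total += n
        j = (n + idx + total) % i
        chars[i], chars[j] = chars[j], chars[i]
        idx = (idx + 1) % len(salt)
    return "".join(chars)

def _alphabet(salt):
    a = _shuffle("".join(c for c in ALPHABET if c not in SEPS), salt)
    return a[math.ceil(len(a) / 12):]     # leading characters are reserved as guards

def encode(number, salt):
    a = _alphabet(salt)
    lottery = a[number % 100 % len(a)]    # first character selects a second shuffle
    a = _shuffle(a, (lottery + salt + a)[:len(a)])
    out = ""
    while True:
        out = a[number % len(a)] + out
        number //= len(a)
        if not number:
            return lottery + out

def decode(hashid, salt):
    """Return the numeric ID, or None if the string is not a valid ID for this salt."""
    a = _alphabet(salt)
    if len(hashid) < 2 or any(c not in a for c in hashid):
        return None
    a = _shuffle(a, (hashid[0] + salt + a)[:len(a)])
    number = 0
    for ch in hashid[1:]:
        number = number * len(a) + a.index(ch)
    return number if encode(number, salt) == hashid else None

def id_spaces_differ(salt_a, salt_b, count=50):
    """True when two salts map the same numeric IDs to different strings."""
    return [encode(n, salt_a) for n in range(1, count)] != \
           [encode(n, salt_b) for n in range(1, count)]
```

Because decoding needs nothing but the salt, authorization has to be enforced on the decoded record, never on the assumption that an ID is hard to guess.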
The change of the salt means that all links, e.g. to forms or images, have now changed.
In order to avoid breaking existing links, Keila continues to accept the IDs generated by previous versions. All newly generated links and IDs will be using the updated algorithm. You can easily recognize IDs generated by the new algorithm because they are all prefixed with n.
Support for legacy IDs has been marked as deprecated and will eventually be removed in a future version.