Retrieval of uplink keys in server code

Is the retrieval of uplink keys in server code possible?

I am trying to reduce storing of sensitive data as much as possible. Therefore I would like to retrieve the uplink key and send it to (more or less) “trusted” hardware.

My scenario is as follows:

A few Raspbery Pi Picos that are “out of control” aka. distributed to other people. I do not want to store the server uplink key in the picos because they could be tampered.

I need the picos to act as servers so they can react to events triggered in the Anvil app’s web site. Client uplink keys cannot be used for that.

My concept is that I implement an HTTP server in the app’s server code residing at Anvil’s servers, the picos can be identified using their hardware ID plus some other code only known by the user and may be registered before being handed out. After connecting the picos to the interent via WLAN they request the server key by contaction the app’s http server using a path parameter.

Code Sample:

import anvil.server

@anvil.server.route("/users/:id")
def get_pico(id):
  if anvil.server.is_pico_registered(id):
    return f"The requested server key for pico {id} is {anvil.server.get_server_key()}"
  else:
    return "Error 418 I'm a teapot"

The picos can then store and use the server key in a local variable as long it is powered on.

Alas, I haven’t found any means to read the actual server uplink key using Anvil server code. Is there anything like anvil.server.get_server_uplink_key()?

Needless to say: I do not want to copy the server uplink key from the Anvil editor by hand and store it in a server code variable, because the server uplink key can easily be changed by a single mouse click using the “Uplink” button. The stored key would not be valid any more after that. I know that I WILL forget to copy the newly created key manually.

Regards,
Hampf

I do not think there is a way to programmatically get the uplink key from inside the server module (and I don’t think there should be), but you might want to look into storing the key in the secrets module for what you want to do.

You will still have to update the key in the secrets module if you “click the uplink key refresh button” but I have used uplink on various apps for years and have never found myself accidentally navigating to the uplink page and refreshing an API key that was distributed to uplink systems.

Using the secrets module to return that data from the endpoint as you have described could be a better way to manage if that key changed, so I think it is a good idea.
You would still have to change it in the secrets module if you regenerated the key though.

Full ACK, changing the key should not be a problem and I would say even I won’t do that accidentally.

I already use secrets and think this will work perfectly.

Thanks for getting me out of the loop.

Cheers,
Hampf