Jan 16, 2023

Breaking Change: Hashid Salt Update

Starting with Keila 0.11.1, all entity IDs are created with an updated algorithm

The following change is only relevant if you are running your own instance of Keila. Users of our managed Keila offer don’t have to take any action.

Keila uses Hashids for all entities. Hashids is an algorithm for turning a numerical ID (e.g. 1) into a combination of letters and numbers (e.g. gB0NV05e). You can read more about how Hashids work on hashids.org.

Hashids are not a security mechanism

It’s important to note that Hashids are not a security mechanism. They can be reversed relatively easily. Keila uses them mainly for aesthetic purposes, because numerical IDs might suggest to users a semantic meaning that they don’t have.

What has changed in Keila 0.11.1 and why?

Due to a bug in previous versions, the Hashid salt, which was meant to be unique for each Keila instance, ended up being the same across all installations.

Keila 0.11.1 fixes this and now lets you define your own salt with the HASHID_SALT environment variable. If you don’t configure this variable, a salt will be derived from your SECRET_KEY_BASE.

The change of the salt means that all links, e.g. to forms or images, have now changed.

In order to avoid breaking existing links, Keila continues to accept the IDs generated by previous versions. All newly generated links and IDs will be using the updated algorithm. You can easily recognize IDs generated by the new algorithm because they are all prefixed with n.

Support for legacy IDs has been marked as deprecated and will be removed in a future version.
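A sketch of accepting both ID generations side by side, added here as an example and not taken from Keila's code. The encode/decode pair is a simplified salted base-62 stand-in for Hashids (its output will not match real Hashids), and the salts, MIN_LEN and resolve are hypothetical names and values.

```python
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, "n" included
MIN_LEN = 8  # assumed minimum length; lets decode() reject non-canonical input

def shuffled(salt):
    """Salt-keyed permutation of ALPHABET (Hashids-style); salt must be non-empty."""
    chars, idx, total = list(ALPHABET), 0, 0
    for i in range(len(chars) - 1, 0, -1):
        code = ord(salt[idx])
        total += code
        j = (code + idx + total) % i
        chars[i], chars[j] = chars[j], chars[i]
        idx = (idx + 1) % len(salt)
    return "".join(chars)

def encode(n, salt):
    """Base-62 digits of n in the salted alphabet, left-padded to MIN_LEN."""
    alpha, out = shuffled(salt), ""
    while True:
        n, r = divmod(n, len(alpha))
        out = alpha[r] + out
        if n == 0:
            return out.rjust(MIN_LEN, alpha[0])

def decode(text, salt):
    """Return the number, or None if text is not a canonical encoding."""
    alpha, n = shuffled(salt), 0
    for ch in text:
        pos = alpha.find(ch)
        if pos < 0:
            return None
        n = n * len(alpha) + pos
    return n if encode(n, salt) == text else None

def resolve(public_id, new_salt, legacy_salt):
    """Return (numeric_id, scheme) or None; an "n" prefix selects the new salt."""
    if public_id.startswith("n"):
        n = decode(public_id[1:], new_salt)
        if n is not None:
            return n, "new"
    n = decode(public_id, legacy_salt)  # no prefix, or a legacy ID starting with "n"
    return (n, "legacy") if n is not None else None

LEGACY_SALT = "constructed-shared-salt"  # constructed values, not Keila's
NEW_SALT = "constructed-per-instance-salt"

if __name__ == "__main__":
    for pid in (encode(42, LEGACY_SALT), "n" + encode(42, NEW_SALT)):
        print(pid, "->", resolve(pid, NEW_SALT, LEGACY_SALT))
```

Whichever branch decodes the ID, the record lookup that follows still needs its own authorization check, since neither form of the ID is secret.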