Add env variable to control hash rounds

backend/ee/danswer/auth/api_key.py

@@ -5,6 +5,8 @@ from fastapi import Request
 from passlib.hash import sha256_crypt
 from pydantic import BaseModel
 
+from ee.danswer.configs.app_configs import API_KEY_HASH_ROUNDS
+
 
 _API_KEY_HEADER_NAME = "Authorization"
 _BEARER_PREFIX = "Bearer "
@@ -27,7 +29,7 @@ def generate_api_key() -> str:
 def hash_api_key(api_key: str) -> str:
     # NOTE: no salt is needed, as the API key is randomly generated
     # and overlaps are impossible
-    return sha256_crypt.hash(api_key, salt="")
+    return sha256_crypt.hash(api_key, salt="", rounds=API_KEY_HASH_ROUNDS)
 
 
 def build_displayable_api_key(api_key: str) -> str:

backend/ee/danswer/configs/app_configs.py

@@ -5,3 +5,13 @@ OPENID_CONFIG_URL = os.environ.get("OPENID_CONFIG_URL", "")
 
 # Applicable for SAML Auth
 SAML_CONF_DIR = os.environ.get("SAML_CONF_DIR") or "/app/ee/danswer/configs/saml_config"
+
+
+#####
+# API Key Configs
+#####
+# refers to the rounds described here: https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html
+_API_KEY_HASH_ROUNDS_RAW = os.environ.get("API_KEY_HASH_ROUNDS")
+API_KEY_HASH_ROUNDS = (
+    int(_API_KEY_HASH_ROUNDS_RAW) if _API_KEY_HASH_ROUNDS_RAW else None
+)

deployment/docker_compose/docker-compose.dev.yml

@@ -86,6 +86,11 @@ services:
       # (time spent on finding the right docs + time spent fetching summaries from disk)
       - LOG_VESPA_TIMING_INFORMATION=${LOG_VESPA_TIMING_INFORMATION:-}
       - LOG_ENDPOINT_LATENCY=${LOG_ENDPOINT_LATENCY:-}
+      # Enterprise Edition only
+      - API_KEY_HASH_ROUNDS=${API_KEY_HASH_ROUNDS:-}
+    volumes:
+      - local_dynamic_storage:/home/storage
+      - file_connector_tmp_storage:/home/file_connector_storage
     extra_hosts:
       - "host.docker.internal:host-gateway"
     logging: