Api Key Exposure in Chi with Mssql

Api key exposure in a Chi application that uses Microsoft SQL Server (Mssql) typically occurs when sensitive keys are mishandled in application code, configuration, or logs, and then inadvertently accessed or exposed through database interactions. Chi, a lightweight web framework for Clojure, often handles configuration via environment variables or EDN/properties files. When these keys are loaded into the application and used in Mssql connections or queries, poor practices—such as logging connection strings, embedding keys in dynamic SQL, or mishandling result sets—can lead to credentials being returned to clients or written to logs.

Specifically, if Chi reads an API key from an environment variable (e.g., using (System/getenv "API_KEY")) and then constructs dynamic SQL for Mssql without parameterization, an attacker leveraging SQL injection may extract the key from result sets or error messages. Additionally, if the application returns full database rows that include columns storing tokens or secrets, and those rows are exposed through an API endpoint, the keys are exposed. Mssql error messages can also reveal internal query structure or paths, aiding an attacker in understanding how keys are used. MiddleBrick’s 12 checks, including Input Validation and Data Exposure, identify these patterns by correlating runtime behavior with OpenAPI specs and detecting places where secrets might leak through unauthenticated endpoints.

Another vector involves LLM endpoints used within Chi services. If an API key is passed into an LLM prompt or stored in prompt context, middleBrick’s LLM/AI Security checks—such as system prompt leakage detection and active prompt injection testing—can flag whether keys are at risk of being extracted via jailbreak probes or appearing in model outputs. Since middleBrick scans the unauthenticated attack surface and cross-references spec definitions with runtime findings, it can highlight scenarios where an LLM endpoint inadvertently echoes an API key in verbose logging or error text.

Using the CLI tool, developers can quickly verify their Chi + Mssql setup: middlebrick scan <url>. The dashboard then shows per-category breakdowns, including Input Validation and Data Exposure, with prioritized findings and remediation guidance. For teams using CI/CD, the GitHub Action can enforce a score threshold to prevent deployments that expose keys, while the MCP Server enables scanning directly from AI coding assistants to catch issues during development.

Remediation focuses on preventing API key exposure through proper handling in Chi configuration and safe Mssql usage. Never embed API keys in SQL strings or logs. Use parameterized queries to avoid injection and ensure keys are stored as environment variables, accessed securely in Chi via (System/getenv), and never returned in API responses.

Example of unsafe code in Chi with Mssql:

(ns example.unsafe
  (:require [clojure.java.jdbc :as jdbc]))

(def db-spec
  {:classname "com.microsoft.sqlserver.jdbc.SQLServerDriver"
   :subprotocol "sqlserver"
   :subname "//localhost:1433/mydb"
   :user (System/getenv "DB_USER")
   :password (System/getenv "DB_PASS")})

(defn get-user-by-id [user-id]
  ;; UNSAFE: string concatenation enables injection and may expose keys in logs
  (jdbc/query db-spec (str "SELECT id, name, api_key FROM users WHERE id = " user-id)))

Example of safe remediation using parameterized queries and avoiding key exposure:

(ns example.safe
  (:require [clojure.java.jdbc :as jdbc]))

(def db-spec
  {:classname "com.microsoft.sqlserver.jdbc.SQLServerDriver"
   :subprotocol "sqlserver"
   :subname "//localhost:1433/mydb"
   :user (System/getenv "DB_USER")
   :password (System/getenv "DB_PASS")})

(defn get-user-by-id [user-id]
  ;; SAFE: parameterized query prevents injection; api_key is not returned
  (jdbc/query db-spec ["SELECT id, name FROM users WHERE id = ?" user-id]))

(defn get-api-key-for-service []
  ;; Access key securely for internal use only; never log or expose it
  (System/getenv "API_KEY"))

Additionally, sanitize error messages and avoid returning full rows that may contain sensitive columns. Configure Mssql to limit verbose errors in production and ensure Chi routes do not include secrets in URLs or logs. These practices align with findings from middleBrick’s checks, including Input Validation, Data Exposure, and LLM/AI Security when relevant.