Skip to content

Prevent cross-user data leakage by salting remote cache keys #2362

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
agarwal-tanmay-work wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Prevent cross-user data leakage by salting remote cache keys #2362

agarwal-tanmay-work wants to merge 4 commits into from

Conversation

@agarwal-tanmay-work
Copy link

@agarwal-tanmay-work agarwal-tanmay-work commented Dec 24, 2025

Problem

Remote cache keys were derived from predictable hashes of prompts and model
parameters. Any authenticated user could query arbitrary cache keys,
potentially retrieving cached responses belonging to other users.

This created a privacy and security risk when prompts contain proprietary
or sensitive data.

Solution

This PR introduces user-specific cache key salting for all remote cache
operations:

  • Remote cache fetch/store operations now use keys salted with a SHA256
    hash derived from the user's EXPECTED_PARROT_API_KEY
  • Local cache access remains unsalted to preserve backward compatibility
  • Pricing estimation logic is aligned with the new salted key strategy
  • A test is added to verify correct cache partitioning behavior

Impact

  • Prevents cross-user cache enumeration
  • Ensures cached responses are isolated per user
  • Preserves existing local cache behavior

Files Changed

  • cache_entry.py
  • cache.py
  • jobs_pricing_estimation.py
  • tests/test_cache_salting.py

@agarwal-tanmay-work
Add support for user-salted cache keys
4f14475 
Introduces support for user-specific salting in cache key generation.

This enables higher-level cache isolation mechanisms to incorporate
user-derived entropy while keeping the cache entry interface backward
compatible.
@agarwal-tanmay-work
Isolate remote cache entries using user-specific key salting
dbbaaee 
Fixes a security issue where remote cache entries could be fetched using
predictable cache keys.

Remote cache fetch and store operations now use cache keys salted with a
SHA256-derived value based on the user's EXPECTED_PARROT_API_KEY, ensuring
that cached responses are isolated per user.

Local cache access remains unsalted to preserve backward compatibility.
@agarwal-tanmay-work
Align pricing estimation with salted cache key logic
7d69fe7 
Updates pricing estimation logic to use the same salted cache key strategy
as remote cache operations.

This ensures accurate cache hit predictions and consistent behavior
between pricing estimation and runtime execution.
@agarwal-tanmay-work
Add tests to verify remote cache key salting and user isolation
c34b414 
Adds a test that validates cache key salting behavior for remote cache
operations.

The test confirms that identical prompts from different users produce
distinct remote cache keys while preserving backward compatibility for
unsalted local cache lookups.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@agarwal-tanmay-work