Reference

Why your admin key never leaves our server

Last updated April 11, 2026 · by the AdminDex team

Your Meilisearch admin key is the most sensitive piece of data you give AdminDex. This article explains exactly where it lives, when it's decrypted, and what we do — and don't do — to keep it safe.

How it works

When you save an instance, AdminDex encrypts the admin key with authenticated AES-256 and stores the ciphertext in our database.

The plaintext admin key is decrypted only in-memory, immediately before AdminDex makes an HTTP call to your Meilisearch server. The decrypted value lives on the call stack for the duration of that one HTTP call, then it is discarded. It is never sent back to your browser, never logged, and never persisted anywhere outside the encrypted database column.

What AdminDex does not do

  • AdminDex does not expose the admin key in any UI after you save it. The form on the instance page shows a "set" indicator, not the value.
  • AdminDex does not store it in browser storage, cookies, or session state.
  • AdminDex does not include it in error messages, debug output, or audit logs.
  • AdminDex does not transmit it to any third party. The only outbound destination is your own Meilisearch server.

What this means for you

  • If our database were leaked, the admin keys would be unreadable without also leaking the encryption-key environment variable — they're stored on different hosts.
  • If you suspect a key is compromised, the fastest fix is to rotate the master key on your Meilisearch server (or revoke the specific key if it's a scoped key) and update AdminDex with the new value via the instance edit page.
  • For maximum compartmentalization, give AdminDex a scoped admin key (one with only the actions AdminDex needs) instead of your master key. The recommended scopes are documented in create and revoke API keys.

Limitations

  • Encryption protects against database leaks, not against a compromised AdminDex server. If an attacker has full root on the server, they have the env var too. This is the same model as every cloud platform that holds API credentials on your behalf.
  • AdminDex does not currently support hardware security modules (HSMs) or per-tenant encryption keys. Both are on the long-term roadmap.

Related