Expand description
Persistent API key stores. SQLite + Postgres backends behind the
pylon_auth::api_key::ApiKeyBackend trait.
API keys are long-lived (months to never-expire), so unlike magic
codes there’s no aggressive expiry sweep — last_used_at plus
the user-facing management UI handle the “remove unused” pattern.
Storage shape mirrors the SQLite default — same column types both
sides so a SQLite → Postgres migration is pg_dump-style copy
without coercions. secret_hash is an Argon2 PHC string so old
keys keep verifying after a hash-param bump.