How can I make my API key more secure?

Don’t bother with it. If you are really paranoid about this, schedule new API tokens and do some automation with that. But for me, that’s too much for too little.

That’s a different case from brute force. That’s a genuine worry. Today there are more internal attacks with RaaS, which uses employees to carry out internal attacks, be it for data encryption or extortion over possible data leakage.

For open source usage, you should use some personal strategy. There’s no way to give you any with the open source license (at least for the mid-term). You should have someone addressing these ideas and strategies. Some companies build “Red and Blue” teams to force a culture of security.

Firewall, whitelisting, reverse proxy with some security features. Never give direct access to an operator. Create an API for those who need to access the DB, with some limits. That’s the type of strategy that you have to come up with.

If you are talking about the Cloud API Key, no way. That’s a standard thing. There is a “Poor Man’s Auth” in the Open Source version. You can use that. And I think it can have any size of key you want. Not sure. But it can be big.

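The reply above suggests scheduling new API tokens and automating the change. The block below is an added example, not code from the forum post or from any product it mentions, showing the one part of that automation that is easy to get wrong: rotating a key without breaking clients that are still using the previous one. It keeps only an HMAC of each secret (so a read of the store does not disclose usable keys), issues a fresh key on every `rotate()`, and keeps the retired key valid for an assumed five-minute grace window before `purge()` drops it. The `KeyStore` class, the `GRACE_SECONDS` value and the key format are assumptions made for illustration.

```python
"""Scheduled API key rotation with an overlap (grace) window.

Added example; not from the original post or any project it names.
The store layout, key format and GRACE_SECONDS are assumed values.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed overlap window: a retired key keeps working this long so that
# clients have time to pick up the new secret before the old one dies.
GRACE_SECONDS = 300


@dataclass
class KeyRecord:
    key_hash: str                      # HMAC-SHA256 of the secret, never the secret itself
    created_at: float                  # epoch seconds when the key was issued
    retired_at: Optional[float] = None # epoch seconds when a newer key replaced it


class KeyStore:
    """Holds hashed API keys and enforces the rotation lifecycle."""

    def __init__(self, pepper: bytes) -> None:
        # The pepper is a server-side secret kept outside the key table, so a
        # dump of the table alone is not enough to forge valid keys.
        self._pepper = pepper
        self._records: Dict[str, KeyRecord] = {}
        self._active_id: Optional[str] = None
        self._counter = 0

    def _hash(self, secret: str) -> str:
        return hmac.new(self._pepper, secret.encode(), hashlib.sha256).hexdigest()

    def rotate(self, now: float) -> Tuple[str, str]:
        """Issue a new key and start the grace window on the previous one.

        Returns (key_id, secret). The secret is shown to the caller exactly
        once; only its HMAC is stored.
        """
        if self._active_id is not None:
            self._records[self._active_id].retired_at = now
        self._counter += 1
        key_id = f"k{self._counter}"
        secret = secrets.token_urlsafe(32)
        self._records[key_id] = KeyRecord(self._hash(secret), created_at=now)
        self._active_id = key_id
        return key_id, secret

    def verify(self, key_id: str, secret: str, now: float) -> bool:
        """Accept the active key, or a retired key still inside its grace window."""
        rec = self._records.get(key_id)
        if rec is None:
            return False
        # Constant-time comparison of the hashes, not of the raw secrets.
        if not hmac.compare_digest(rec.key_hash, self._hash(secret)):
            return False
        if rec.retired_at is not None and now > rec.retired_at + GRACE_SECONDS:
            return False  # retired key whose grace window has closed
        return True

    def purge(self, now: float) -> int:
        """Delete retired keys whose grace window has closed; returns the count."""
        expired = [kid for kid, rec in self._records.items()
                   if rec.retired_at is not None and now > rec.retired_at + GRACE_SECONDS]
        for kid in expired:
            del self._records[kid]
        return len(expired)


if __name__ == "__main__":
    # A scheduler (cron, a job queue, a cloud function) would call rotate()
    # at fixed intervals and purge() shortly after each grace window closes.
    store = KeyStore(pepper=b"constructed-pepper-not-for-real-use")
    old_id, old_secret = store.rotate(now=0.0)
    new_id, new_secret = store.rotate(now=3600.0)
    print("old key still valid inside grace window:", store.verify(old_id, old_secret, 3700.0))
    print("old key rejected after grace window:", store.verify(old_id, old_secret, 4000.0))
    print("records purged:", store.purge(now=4000.0))
```

The grace window is what makes unattended rotation safe to run on a schedule: clients that refresh their credential within `GRACE_SECONDS` of a rotation never see an authentication failure, while any copy of the old key that leaked becomes useless shortly after. Shorten the window and the rotation interval together to bound how long a leaked key is usable.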