I have a bunch of API keys and secrets (Stripe, Cloudinary etc.) that are currently hard-coded in my app. Where is the right place to store them? Should they be in the server, and I just store the server URL at my end (so that if the keys change, the app continues to work)?
For example, I have this in my app delegate file:
func configureStripe() {
    STPPaymentConfiguration.sharedConfiguration().publishableKey = "pk_test_1234rtyhudjjfjjs"
    STPPaymentConfiguration.sharedConfiguration().appleMerchantIdentifier = "merchant.com.myapp"
}
Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree.
Storage: API keys should not be stored as plain text but rather stored as a hashed value in the database to prevent copying. Even if an attacker successfully targets the key management database, the keys are unusable.
API keys can be used to identify a specific project or the application making the call to the API. While API keys are not as secure as the tokens that provide authentication, they help identify the project or application that makes the call.
There are many tools to store secret keys.
For a personal project, I typically go with xcconfig and just ignore that file in git, but with teams this can be quite hard.
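An added example (not code from the question or either answer) of the xcconfig approach just described: the key is read from Info.plist at run time and fails loudly if the build did not inject it. It assumes a git-ignored Secrets.xcconfig defining STRIPE_PUBLISHABLE_KEY, and an Info.plist entry StripePublishableKey whose value is $(STRIPE_PUBLISHABLE_KEY); these names are assumptions. Only the publishable key belongs in the app at all; a Stripe secret key stays on the server, as the question suggests.

```swift
import Foundation
import Stripe

// Assumed setup (not from the original page):
//   Secrets.xcconfig (git-ignored):  STRIPE_PUBLISHABLE_KEY = pk_test_xxx
//   Info.plist:                      StripePublishableKey = $(STRIPE_PUBLISHABLE_KEY)
enum Secrets {
    enum SecretsError: Error {
        case missing(String)   // key absent, empty, or never expanded by the build
    }

    /// Look up a value the build injected into Info.plist via xcconfig.
    static func value(for key: String) throws -> String {
        guard let raw = Bundle.main.object(forInfoDictionaryKey: key) as? String,
              !raw.isEmpty,
              !raw.hasPrefix("$(") else {
            // An unexpanded "$(...)" means the xcconfig was not wired into the target.
            throw SecretsError.missing(key)
        }
        return raw
    }
}

func configureStripe() throws {
    // Same configuration as before, but no literal key lives in the source tree.
    let publishableKey = try Secrets.value(for: "StripePublishableKey")
    STPPaymentConfiguration.sharedConfiguration().publishableKey = publishableKey
    STPPaymentConfiguration.sharedConfiguration().appleMerchantIdentifier = "merchant.com.myapp"
}
```

Crashing or failing early on a missing key in a debug build is preferable to silently shipping a build that talks to the wrong Stripe account.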