All threads / How do I store users’ API keys for 3rd party services

Ask A Question

Notifications

You’re not receiving notifications from this thread.

How do I store users’ API keys for 3rd party services

Yi Mei Wang asked in General

So I am working on a multitenancy app that needs to store users' API keys for 3rd party services, but given that these are rather sensitive information, I imagine I should have some form of security to protect these data? But I'm really not sure what is the best practice or approach to these situations.

Have you guys done anything like that? I've also read that some people salt and hash the credentials, but in that case, I don't think i'd be able to decrypt and read it?

Lockbox or attr_encrypted are great for that. You just define an encrypted column instead of your normal one and add a secret key.

That's an incredibly simple and elegant solution. Thank you so much Chris!

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 35,699+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

    © 2020 GoRails, LLC. All rights reserved.