Skip to main content

How do I store users’ API keys for 3rd party services

General • Asked by Yi Mei Wang

So I am working on a multitenancy app that needs to store users' API keys for 3rd party services, but given that these are rather sensitive information, I imagine I should have some form of security to protect these data? But I'm really not sure what is the best practice or approach to these situations.

Have you guys done anything like that? I've also read that some people salt and hash the credentials, but in that case, I don't think i'd be able to decrypt and read it?


Lockbox or attr_encrypted are great for that. You just define an encrypted column instead of your normal one and add a secret key.


That's an incredibly simple and elegant solution. Thank you so much Chris!


Login or Create An Account to join the conversation.

Subscribe to the newsletter

Join 27,623+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.