How do I store users’ API keys for 3rd party services
So I am working on a multitenancy app that needs to store users' API keys for 3rd party services, but given that these are rather sensitive information, I imagine I should have some form of security to protect these data? But I'm really not sure what is the best practice or approach to these situations.
Have you guys done anything like that? I've also read that some people salt and hash the credentials, but in that case, I don't think i'd be able to decrypt and read it?
Lockbox or attr_encrypted are great for that. You just define an encrypted column instead of your normal one and add a secret key.