And I have recently noticed that webtask.io has also implemented a secrets manager.
I like webtask for security stuff, as it allows me to separate out the more sensitive API keys. Even if someone gets into my Bubble App, the API keys for login authorisation are elsewhere.
It would be good if Bubble were to implement a way to store API keys in the same way it does the access token for social logins. So well away from the “main” app.
Really like this idea. I’m working on a Fintech application at the moment and having my Stripe keys available in plain text is defo risky. 2FA was a great idea but we could improve on that.
Currently this is implemented by storing the client id and secret elsewhere, and passing the token (so no system stores everything it needs for access).
But ideally I would like to keep this in Bubble, but under “lock and key”.
If the keys are made private (for instance, when defining a plugin), they are stored in a part of the application that never is sent to the client in run mode, so it’s safe. Wouldn’t it do what you need?
Yes, that is great for hiding the keys from the client.
But it would be really good if the keys could be kept away from the API connector as well. So that developers can see the parameters but not the keys?