Title says it all. Basically, I want to setup a stripe connect plugin for a client but I have to give them access to the Bubble editor as a condition of our contract and I don’t want them to see my stripe keys.
Hi @zelus_pudding ! Were you able to find a solution?
Sort of. Strac.io offers a solution that solves this very problem but it’s sort of pricey (looking at several hundred dollars per month along with an annual contract to start).
That said, I’ve since sketched a home grown solution that I think Bubblers can implement themselves to keep API keys out of our databases as read only text. It ends up working a lot like Strac except a Bubbler would run it themselves using a plugin that stores client keys in the environment variables of an AWS lambda function that’s secured to a particular Bubble app.
The upside is this solution is quite a bit cheaper to run. The tradeoff is that the Bubbler themselves needs to ensure their AWS account is secured with 2 factor auth and that access by internal collaborators (say your colleagues or contractors) is trusted/secure.
If this sounds like something of interest to you, I can spend some time finalizing the plugin that would automate most of these tasks (partly because this is still something I need myself). You could then install it, setup an AWS account, and begin accepting other users keys securely (i.e. the keys never touch your database or ours). Let me know!
2 Likes