Plugin variables okay for a Private Key?

I have an app I would like to give to a larger group in the crypto space. To use you need to put in your Private Key into the plugin. (Where API keys are put in).

Question. How safe / not safe is the passing from browser to bubble and storage of such sensitive data.

Privacy rules work to keep data in the DB secure around the question of storage. But I get your question - passing from the browser to the DB. HTTPS protocol takes care of ensuring transport security. (same as entering your card details into a website checkout form)

I don’t think plug-in keys are sent to DB. This is much more critical than a credit card number. Just wondering if there is a best practice.

Yeah, this is what’s called a “secret” and it’s not held in the database, but in the editor/backend.

I didn’t really understand your original question. Are you saying you’re going to be entering multiple keys belonging to others into your backend, or that you’re going to share admin access with some other folks?

Just know that all admins will be able to see all keys.

1 Like

I think your answer is what I needed. Will give the bubble app to people. Will have a few key pages and use a plugin. The plugin needs the crypto private key.

I didn’t really understand the question either :rofl:

1 Like

Okay, here is the question. On the installed plugin page, you can add the keys used inside of the plugin (access through context.keys)

My question is how secure is it for a user implementing that plugin to put in a Private Key for a crypto wallet into Keys? This is not stored in a DB - that is good. But, I just need to be extra careful that this is secure before I deploy this out. Each user will deploy their own Bubble app with this plugin - so only one Private Key will be entered (one for mainnet one for testnet).

Obviously, if someone gets access to a Bubble account they will be able to see this - but that is up to the Bubble user.

This post (and entire thread) might be helpful…