Store API Credentials Safely: Obfuscation Before Encryption is Key

October 3rd 2021 new story

The challenge is that we can’t use hashing, as we would do for user passwords. We need the credentials to access the API, hence we need to reveal them upon retrieval from store. Encryption alone has its risks, however. In the simplest case, a mindless user chooses the word ‘*password* for the password and suddenly the potential hacker may have an easier task because they only need to try until *password* is revealed. One solution is to obfuscate the credentials characters among a larger string — like spreading some pepper in a plate.

@zapalote

Miguel

Scientist by training, creative spirit by choice.

by Miguel @zapalote. Scientist by training, creative spirit by choice.Read my stories

The paperwork API that scales with your tech stack.

Related Stories

Subject Matter

ATT&CK vs. D3FEND - Get Everyone On the Same Page by @z3nch4n

#cybersecurity

GraphQL vs REST: How To Choose One Over The Other by @yaf

#graphql

The All-Purpose Programmer: Episode 1 – “Hello World” by @halexmorph

#php

Learn the Blockchain Basics – Part 9: Blockchain Around the World by @mickey-maler

#bitcoin

Tags

#api#encryption#security#credentials#api-credential-safety#obfuscate-api-credential#encrypt-api-credential#hackernoon-top-story

Join Hacker Noon

Create your free account to unlock your custom reading experience.

Store API Credentials Safely: Obfuscation Before Encryption is Key
Source: Trends Pinoy