Store API Credentials Safely: Obfuscation Before Encryption is Key

The challenge is that we can’t use hashing, as we would do for user passwords. We need the credentials to access the API, hence we need to reveal them upon retrieval from store. Encryption alone has its risks, however. In the simplest case, a mindless user chooses the word ‘*password* for the password and suddenly the potential hacker may have an easier task because they only need to try until *password* is revealed. One solution is to obfuscate the credentials characters among a larger string — like spreading some pepper in a plate.


Miguel Hacker Noon profile picture


Scientist by training, creative spirit by choice.


Join Hacker Noon

Create your free account to unlock your custom reading experience.


Cryptovixens Source



Your email address will not be published. Required fields are marked *

Get 20% Discount

Sign up to receive updates, promotions, and sneak peaks of upcoming products. Plus 20% off your next order.

Promotion nulla vitae elit libero a pharetra augue

Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed