Secret Key Xano
Hello everyone,
We plan to use Xano to manage our app data. However, to ensure maximum security for users, we would like to use the security functions as indicated here: https://docs.xano.com/working-with-data/functions/security
Is it possible to save secret keys outside of Xano and/or outside of environment variables?
Thanks in advance
Best Answers
-
Yes, you can save outside of Xano.
Access token via the external API. Keep a map inside the Xano Db with external user token and xano user id.
-
There's an interesting service specifically for storing key value pairs over APIs: https://kvdb.io/pricing.
Answers
-
Thanks for the answer,
It's reassuring.
Sorry to bother you with an other question, where can I store a token like that via an external API ?
Github?
-
Other question,
Since Xano is based on Google Cloud Platform, is it possible to use Google KMS to manage the key ?
Thank you
-
Hey @Dorian A, sorrty to miss the prior Q. You could use either service, but Xano doesn't have an "inside track" with Google products, so it would be the same HTTP API as any other service. I'd try to use a relatively simple key-value store and maybe store data on there encrypted using a key you have on Xano. That way a compromise on the KV store wouldn't expose your keys, and you could cut off whoever is using Xano from your store by just invalidating the API key Xano uses to talk to it. Double locks on your keys.
Categories
- All Categories
- 53 ? Announcements
- 47 ? Releases
- 37 ? Welcome
- 983 ? Help! I'm a Noob
- 125 ? No-Code Front-Ends
- 633 ? Working with APIs
- 439 ? Transforming data
- 126 ? Connect Xano to ...
- 50 ?? Find an Expert
- 348 ❓Other questions
- 35 ? Security
- 22 ✂️ Snippets
- 19 ? Showcase
- 7 ?️ Xano Chatter
- 62 ? Video Tutorials
- 171 ? Request a feature
- 229 ? Report a Bug
- 19 ? Templates & Extensions
- 7 ? Feedback