Safe way to store sensitive data in settings.

1 年 前
I am developing a plugin and it has login information in the settings of the plugin. This is how I do it now:


I noticed that if you leave the 'encryptionPrivateKey' parameter empty then it defaults to this:

encryptionPrivateKey = _securitySettings.EncryptionKey;

My question is two fold.
1. Is this safe? As in, is this standard enough practice that it would not cause someone to go 'holy shit'.
2. What is this 'EncryptionKey' and how and when is it generated?

1 年 前
The admin common settings page has a section for Security.

If I search the code, it seems that the EncryptionKey is only used to encrypt the credit card info (which only applies if you do manual credit card transactions).

It would seem to me that if someone could hack into your database, they would see encrypted CC info, but if they know nopC, then they would also be able to get to the EncryptionKey (stored in DB's Settings table).

You will see that other plugins that store login credentials are storing them in plain text (e.g. UPS, FedEx, Avalara Tax, etc.).  System email passwords are stored plain text.  There's a work item to fix that  discussed here  But if those were encrypted, then the above hack would also apply.  Maybe storing the EncryptionKey in a configuration file on the app server would make it a little more secure, since it's on another server, but it's still vulnerable.

It's said that you should not hard code encryption keys, because then all the developers can easily get to it.  But, in your case it may be OK.  Someone could still reverse engineer your code to find it, but you can also encrypt your key, and obfuscate code to make it much harder to get to ;)
1 年 前
If secrets management is very important for the plugin, you can try the following options:

1. if you are running on Azure
2. if you are running on AWS
3. Pass your encryption key via environment variable if you are running on Docker.
4. or

Unfortunately there is no easy solution here.