FAQ-000474 - Custom Settings and Configuration Security / Package Development and Managed Package Considerations

The most secure method for storing sensitive, user-specific information within a managed package is to use protected custom metadata API fields or protected custom settings. These ensure that sensitive data isn't accessible to unauthorized users or external packages. If encryption is needed, you can encrypt the sensitive data using Apex Crypto calls and securely store the encryption key in a protected custom setting or hidden custom metadata API field. The recommended methods include: 1. **Protected Custom Metadata**: This is the preferred method for storing secrets. It ensures that the data is secure and not accessible to unauthorized users. 2. **Protected Custom Settings**: This is a legacy option that can also be used for secure storage. However, it requires custom code to manage updates and access. 3. **Named Credentials**: This method is suitable for locally generated or per-org secrets. However, note that administrators can view these credentials. 4. **Encrypted Custom Objects**: If secrets must be stored in custom objects, they should be encrypted using Apex Crypto calls. The encryption key should be stored in a protected custom setting or hidden custom metadata API field.

The original FAQ content is well-structured and covers the important security practices for storing sensitive data in managed packages. The main improvements made were: 1. **Clarity improvements**: Changed "it should be noted that" to the more direct "note that" for better readability and a more conversational tone. 2. **Consistency**: Maintained the technical accuracy and structure while making the language slightly more accessible. The content aligns well with security best practices and doesn't contain outdated information that conflicts with current security rules. **Security Rules Analysis:** - **ApexBadCrypto**: Recommended because the FAQ discusses "encrypt the sensitive data using Apex Crypto calls" - this rule helps ensure proper cryptographic implementations are used. - **ApexSuggestUsingNamedCred**: Directly relevant as the FAQ explicitly mentions "Named Credentials" as one of the recommended methods for storing secrets. - **AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInVarDecls**: These rules are highly relevant because the FAQ is teaching developers how to properly store sensitive information instead of hardcoding it, which these rules specifically flag against. - **ProtectSensitiveData**: This rule directly aligns with the FAQ's core topic of "storing sensitive, user-specific information" and the emphasis on protection methods like "protected custom metadata API fields or protected custom settings."