FAQ-000492 - Custom Settings and Configuration Security / Protected Custom Settings Security Requirements and Best Practices


Current FAQ

Question
Can I use a post-install script to populate Protected Custom Settings with sensitive credentials?
Answer
Using a post-install script to populate Protected Custom Settings with sensitive credentials is not recommended. Post-install scripts run with elevated privileges, which poses a security risk. Instead, it's better to use a secure method, like providing a custom UI for the subscriber to input sensitive credentials, which can then be securely stored in Protected Custom Settings.
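The contrast described in this answer, sketched in Apex as an added example (it is not code from this FAQ or from Salesforce). It assumes a Protected hierarchy custom setting named Integration_Secret__c with a text field Api_Key__c, and a custom permission named Manage_Integration_Secrets; all three names are hypothetical.

```apex
// Added example. Hypothetical names: Integration_Secret__c (Protected hierarchy
// custom setting), Api_Key__c (its text field), Manage_Integration_Secrets
// (custom permission). Each class below would live in its own file.

// AVOID: the post-install script seeds the secret. The value ships inside the
// package and is written by install-time code running with elevated privileges.
global class SeedSecretsOnInstall implements InstallHandler {
    global void onInstall(InstallContext context) {
        Integration_Secret__c secret = Integration_Secret__c.getOrgDefaults();
        secret.Api_Key__c = 'EXAMPLE-PLACEHOLDER-KEY'; // hardcoded credential
        upsert secret;
    }
}

// PREFER: a setup page in the package calls this controller, so the subscriber
// supplies their own credential and nothing sensitive ships in package code.
public with sharing class IntegrationSecretController {

    @AuraEnabled
    public static void saveApiKey(String apiKey) {
        // Only users granted the custom permission may set the secret.
        if (!FeatureManagement.checkPermission('Manage_Integration_Secrets')) {
            throw new AuraHandledException('Not authorized to manage integration secrets.');
        }
        if (String.isBlank(apiKey)) {
            throw new AuraHandledException('API key is required.');
        }
        // getOrgDefaults() returns an unsaved record when none exists yet,
        // so upsert covers both the first save and later rotations.
        Integration_Secret__c secret = Integration_Secret__c.getOrgDefaults();
        secret.Api_Key__c = apiKey.trim();
        upsert secret;
    }

    // Report only whether a key is stored; never return the value to the client.
    @AuraEnabled
    public static Boolean isConfigured() {
        return String.isNotBlank(Integration_Secret__c.getOrgDefaults().Api_Key__c);
    }
}
```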

AI Recommended Enhancement

Related Security Rules
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- ApexSuggestUsingNamedCred
- AvoidGlobalInstallUninstallHandlers
Question
Can I use a post-install script to populate Protected Custom Settings with sensitive credentials?
Recommended Answer Update
Using a post-install script to populate Protected Custom Settings with sensitive credentials isn't recommended. Post-install scripts run with elevated privileges, which poses a security risk. Instead, it's better to use a secure method, like providing a custom UI for the subscriber to input sensitive credentials, which can then be securely stored in Protected Custom Settings.
Reasoning
Made minor improvements to make the language more conversational and direct by changing 'is not recommended' to 'isn't recommended' and 'poses a security risk' for better flow. The technical content remains accurate and complete.

For security rules selected:
- AvoidHardcodedCredentialsInFieldDecls: This rule directly relates to the FAQ's discussion of 'sensitive credentials' and the security risk of hardcoding credentials in post-install scripts, which would involve field declarations.
- AvoidHardcodedCredentialsInVarDecls: The FAQ discusses populating custom settings with credentials in scripts, which would involve variable declarations containing sensitive data.
- AvoidHardcodedCredentialsInVarAssign: The process of 'populate Protected Custom Settings with sensitive credentials' in post-install scripts involves variable assignments of credential data.
- ApexSuggestUsingNamedCred: The FAQ recommends secure credential storage methods, which aligns with this rule's purpose of suggesting Named Credentials for credential management.
- AvoidGlobalInstallUninstallHandlers: The FAQ specifically discusses 'post-install scripts' and their elevated privileges, which directly relates to this rule about install/uninstall handlers.