What constitutes acceptable justification for storing user credentials in Custom Metadata Types?
Answer
Acceptable justification for storing user credentials in Custom Metadata Types includes ensuring that the credentials are encrypted and securely stored. The encryption key should be stored in a protected custom setting or hidden custom metadata API field. Permissions for fields containing encrypted credentials must be correctly configured, and the developer must use Apex Crypto calls for encryption rather than relying on encrypted fields alone. Additionally, the application must implement proper access controls to restrict updates to these credentials to authorized users only.
What constitutes acceptable justification for storing user credentials in Custom Metadata Types?
Recommended Answer Update
There's no acceptable justification for storing user credentials in Custom Metadata Types. Custom Metadata Types are visible to all users and aren't suitable for sensitive data like credentials. Instead, use Named Credentials for external system authentication—they're designed specifically for secure credential storage with proper encryption and access controls. If you must store credentials programmatically, use Protected Custom Settings with proper encryption via Apex Crypto calls. Always avoid hardcoded credentials in any form and implement proper access controls to restrict credential management to authorized users only.
Reasoning
The original answer contains a fundamental security flaw by suggesting there are acceptable ways to store user credentials in Custom Metadata Types. This is incorrect and dangerous because Custom Metadata Types are visible to all users in the org and shouldn't contain sensitive data like credentials. The ApexSuggestUsingNamedCred rule specifically addresses this by recommending Named Credentials for external authentication instead of custom credential storage. The answer needed to be corrected to emphasize that Named Credentials are the proper solution, while maintaining the existing points about encryption, access controls, and avoiding hardcoded credentials. The selected security rules relate to the FAQ as follows: ApexSuggestUsingNamedCred relates to the FAQ's discussion of credential storage and the need to use proper Salesforce mechanisms; AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, and AvoidHardcodedCredentialsInVarAssign relate to the FAQ's mention of avoiding hardcoded credentials in various code contexts; ApexBadCrypto relates to the FAQ's discussion of using proper encryption methods; and ProtectSensitiveData relates to the overall topic of protecting credential information.
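The contrast the recommended answer draws, shown as an added Apex example that is not part of the original FAQ: a callout that reads a secret from a custom metadata record, beside the same callout made through a Named Credential. The type `Api_Config__mdt`, its fields, the record name `Default`, the Named Credential `Billing_API`, the class names and the endpoint URL are all hypothetical.

```apex
public with sharing class BillingClient {

    // Hypothetical exception type for this example.
    public class BillingApiException extends Exception {}

    // BEFORE (the pattern the FAQ rejects): the secret lives in a custom
    // metadata record and Apex assembles the Authorization header itself.
    // Api_Config__mdt, Username__c and Password__c are hypothetical names.
    public static HttpResponse getInvoicesInsecure() {
        Api_Config__mdt cfg = Api_Config__mdt.getInstance('Default');
        String basic = EncodingUtil.base64Encode(
            Blob.valueOf(cfg.Username__c + ':' + cfg.Password__c));

        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://billing.example.com/v1/invoices'); // placeholder URL
        req.setMethod('GET');
        req.setHeader('Authorization', 'Basic ' + basic);
        return new Http().send(req);
    }

    // AFTER: the endpoint and the secret are held by a Named Credential
    // (hypothetical name Billing_API). Apex refers to it by name only, so
    // no credential value appears in code, metadata records or debug logs.
    public static HttpResponse getInvoices() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Billing_API/v1/invoices');
        req.setMethod('GET');
        req.setTimeout(10000); // milliseconds

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // Report the status only; do not log headers or the body.
            throw new BillingApiException(
                'Billing API returned status ' + res.getStatusCode());
        }
        return res;
    }
}
```

With the `callout:` prefix, the platform resolves the endpoint and supplies the authentication at send time, which is the behaviour the ApexSuggestUsingNamedCred rule steers code toward.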