The FAQ content is technically accurate and covers the proper approach to handling app secrets using Protected Custom Metadata Records. I made minimal improvements to enhance clarity and conversational tone by changing 'they are' to 'they're' to align with the brand guidelines for being conversational and using contractions. The core technical content remains unchanged as it correctly addresses secret storage practices.
Related security rules selected:
- ApexBadCrypto: This rule relates to the FAQ's mention of encryption for secrets, as it detects weak cryptographic practices in Apex code that could apply when implementing the encryption mentioned in point 2.
- AvoidHardcodedCredentialsInFieldDecls: Directly relates to the FAQ's guidance on proper secret storage, as this rule prevents hardcoding credentials in field declarations, which the FAQ addresses by recommending protected metadata fields instead.
- AvoidHardcodedCredentialsInVarAssign: Connected to the FAQ's secret handling guidance, as this rule prevents credential hardcoding in variable assignments, supporting the FAQ's approach of using protected storage mechanisms.
- AvoidHardcodedCredentialsInVarDecls: Related to the FAQ's secret storage recommendations, as this rule prevents hardcoding credentials in variable declarations, which aligns with the FAQ's guidance to use protected custom metadata fields.
- ProtectSensitiveData: Directly applies to the entire FAQ content, which focuses on protecting app secrets (sensitive data) through proper storage in protected custom metadata records and implementing appropriate security measures.