FAQ-000566 - Custom Settings and Configuration Security / Uncategorized


Current FAQ

Question
What are the best practices for storing API credentials that need to be configured by a subscriber's administrator?
Answer
Here are the best practices for storing API credentials that need to be configured by a subscriber's administrator in Salesforce:

1. **Use Protected Custom Settings**: Securely store credentials in protected custom settings, ensuring they are not accessible to unauthorized users or external packages. Provide a custom UI (e.g., Visualforce, Aura, or LWC) for administrators to input and manage these credentials.
2. **Use Named Credentials**: These allow secure packaging of metadata and configuration while letting the subscriber set up credentials post-installation. Note that administrators can view these credentials, so they are suitable for locally generated or per-org secrets.
3. **Encrypt and Store in Custom Objects**: If using custom objects, encrypt credentials with Salesforce's Apex Crypto methods. Store the encryption key in a protected custom setting or hidden custom metadata API field. Configure permissions to restrict access.
4. **Avoid Public Storage**: Do not store credentials in public custom settings, public custom objects, or public custom metadata, as these are accessible to other packages and untrusted code.
5. **Implement Secure Access Controls**: Restrict credential management to authorized users (e.g., administrators) and enforce proper CRUD/FLS checks in Apex code.
6. **Prevent Debug Log Exposure**: Ensure sensitive data like API credentials is not written to debug logs to avoid accidental exposure.

These practices help ensure the security and integrity of sensitive data within Salesforce.
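The following Apex sketch is an added example, not code from this FAQ or from Salesforce. It combines items 3, 5 and 6: the secret is encrypted into a custom object, the key sits in a protected custom setting, writes are gated on a custom permission plus CRUD checks, and the debug log never sees the secret. The class name, every `__c` object and field, and the `Manage_Api_Credentials` custom permission are hypothetical and must exist in the package for the code to compile.

```apex
// Added example: all __c names and the custom permission are hypothetical.
public with sharing class ApiCredentialStore {
    public class CredentialException extends Exception {}

    // Item 5: only holders of the custom permission, with CRUD on the object, may write.
    private static void requireAdmin() {
        if (!FeatureManagement.checkPermission('Manage_Api_Credentials')
                || !Schema.sObjectType.Api_Credential__c.isCreateable()
                || !Schema.sObjectType.Api_Credential__c.isUpdateable()) {
            throw new CredentialException('Not authorized to manage API credentials.');
        }
    }

    // Item 3: the AES key lives in a protected hierarchy custom setting
    // (Crypto_Key__c), which only code in the package's namespace can read.
    private static Blob getOrCreateKey() {
        Crypto_Key__c cfg = Crypto_Key__c.getOrgDefaults();
        if (String.isBlank(cfg.Key_B64__c)) {
            cfg.Key_B64__c = EncodingUtil.base64Encode(Crypto.generateAesKey(256));
            upsert cfg;
        }
        return EncodingUtil.base64Decode(cfg.Key_B64__c);
    }

    // Called by the admin-only setup UI (Visualforce, Aura or LWC controller).
    public static void save(String serviceName, String secret) {
        requireAdmin();
        if (String.isBlank(serviceName) || String.isBlank(secret)) {
            throw new CredentialException('Service name and secret are required.');
        }
        // A fresh random IV is generated and prepended to the ciphertext.
        Blob cipher = Crypto.encryptWithManagedIV(
            'AES256', getOrCreateKey(), Blob.valueOf(secret));
        Api_Credential__c rec = new Api_Credential__c(
            Service__c = serviceName,
            Secret_Enc__c = EncodingUtil.base64Encode(cipher));
        upsert rec Service__c; // Service__c is assumed to be a unique external ID
        // Item 6: log the event, never the secret or the ciphertext.
        System.debug(LoggingLevel.INFO, 'API credential updated for ' + serviceName);
    }

    // Used by the package's own callout code; the plaintext is never returned to a UI.
    public static String load(String serviceName) {
        List<Api_Credential__c> rows = [
            SELECT Secret_Enc__c FROM Api_Credential__c
            WHERE Service__c = :serviceName LIMIT 1];
        if (rows.isEmpty()) {
            throw new CredentialException('No credential stored for ' + serviceName);
        }
        return Crypto.decryptWithManagedIV('AES256', getOrCreateKey(),
            EncodingUtil.base64Decode(rows[0].Secret_Enc__c)).toString();
    }
}
```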

AI Recommended Enhancement

Related Security Rules
- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- AvoidHardcodedCredentialsInHttpHeader
- ApexBadCrypto
- ProtectSensitiveData
Question
What are the best practices for storing API credentials that need to be configured by a subscriber's administrator?
Recommended Answer Update
Here are the best practices for storing API credentials that need to be configured by a subscriber's administrator in Salesforce:

1. **Use Protected Custom Settings**: Securely store credentials in protected custom settings, ensuring they're not accessible to unauthorized users or external packages. Provide a custom UI (e.g., Visualforce, Aura, or LWC) for administrators to input and manage these credentials.
2. **Use Named Credentials**: These allow secure packaging of metadata and configuration while letting the subscriber set up credentials post-installation. Note that administrators can view these credentials, so they're suitable for locally generated or per-org secrets.
3. **Encrypt and Store in Custom Objects**: If using custom objects, encrypt credentials with Salesforce's Apex Crypto methods. Store the encryption key in a protected custom setting or hidden custom metadata API field. Configure permissions to restrict access.
4. **Avoid Public Storage**: Don't store credentials in public custom settings, public custom objects, or public custom metadata, as these are accessible to other packages and untrusted code.
5. **Implement Secure Access Controls**: Restrict credential management to authorized users (e.g., administrators) and enforce proper CRUD/FLS checks in Apex code.
6. **Prevent Debug Log Exposure**: Ensure sensitive data like API credentials isn't written to debug logs to avoid accidental exposure.

These practices help ensure the security and integrity of sensitive data within Salesforce.
Reasoning
The original answer was comprehensive and accurate, requiring only minor wording improvements for clarity and conciseness. I made these refinements: used contractions ('they're' instead of 'they are', 'don't' instead of 'do not', 'isn't' instead of 'is not') to make the tone more conversational and approachable, which aligns with the brand guidelines. No technical content was outdated or incorrect.

Regarding security rules selection:
- ApexSuggestUsingNamedCred: The FAQ explicitly recommends Named Credentials as a best practice for storing API credentials
- AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInHttpHeader: The FAQ's guidance on avoiding public storage and using secure methods directly addresses preventing hardcoded credentials in various code contexts
- ApexBadCrypto: The FAQ mentions using "Salesforce's Apex Crypto methods" for encryption, which relates to proper cryptographic practices
- ProtectSensitiveData: The entire FAQ is about protecting sensitive credential data, specifically mentioning preventing debug log exposure and restricting access to authorized users