FAQ-000735 - Data Storage and Encryption Security / Vulnerability Identification and Remediation


Current FAQ

Question
How can I resolve an "Insecure Storage of Sensitive Data" finding for a key stored as a static variable in Apex?
Answer
To resolve an "Insecure Storage of Sensitive Data" finding for a key stored as a static variable in Apex:

1. **Use Protected Storage**: Store the key in a **protected custom setting** or **protected custom metadata API field** to prevent exposure in the codebase.
2. **Retrieve Securely**: Access the key securely from the protected storage at runtime when needed in Apex.
3. **Configure Permissions**: Ensure that access permissions for the protected custom setting or metadata are properly configured to restrict unauthorized access.

This approach secures the key and mitigates the vulnerability effectively.
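The three steps above, shown as an added Apex example (not code from the original FAQ). The "before" class is the pattern the scanner flags; the "after" class reads the key at runtime from a protected hierarchy custom setting or a protected custom metadata type. The object and field names (Integration_Secrets__c, Integration_Secret__mdt, API_Key__c, the record DeveloperName 'Payment') and the endpoint are assumptions for illustration, not names from the page.

```apex
// BEFORE (the finding): a secret in a static field ships with the source,
// sits in version control and the Developer Console, and cannot be rotated
// without a deployment.
public with sharing class PaymentClient_Before {
    private static final String API_KEY = 'sk_live_PLACEHOLDER_VALUE'; // flagged
}

// AFTER: the key lives outside the code and is fetched when needed.
// Assumed (not on the original page):
//  - Integration_Secrets__c: hierarchy custom setting, Visibility = Protected,
//    with a Text field API_Key__c; or
//  - Integration_Secret__mdt: custom metadata type, Visibility = Protected,
//    with a Text field API_Key__c and a record whose DeveloperName is 'Payment'.
public with sharing class PaymentClient {

    public class SecretNotConfiguredException extends Exception {}

    // Option A: protected custom setting. Custom settings are data, so an admin
    // can rotate the value in Setup without a deployment.
    public static String apiKeyFromCustomSetting() {
        Integration_Secrets__c s = Integration_Secrets__c.getOrgDefaults();
        if (s == null || String.isBlank(s.API_Key__c)) {
            // Fail closed: no key means no callout, rather than a silent empty header.
            throw new SecretNotConfiguredException(
                'Integration_Secrets__c.API_Key__c is not configured');
        }
        return s.API_Key__c;
    }

    // Option B: protected custom metadata. Deployed with the package; when the
    // type is Protected, only Apex in the same namespace can read it.
    public static String apiKeyFromCustomMetadata() {
        Integration_Secret__mdt rec = Integration_Secret__mdt.getInstance('Payment');
        if (rec == null || String.isBlank(rec.API_Key__c)) {
            throw new SecretNotConfiguredException(
                'Integration_Secret__mdt record Payment has no API_Key__c');
        }
        return rec.API_Key__c;
    }

    // The key is resolved at call time and never stored in a static field,
    // never logged, and never returned to a client.
    public static HttpResponse callPaymentApi(String body) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://payments.example.invalid/v1/charge'); // placeholder
        req.setMethod('POST');
        req.setHeader('Authorization', 'Bearer ' + apiKeyFromCustomMetadata());
        req.setHeader('Content-Type', 'application/json');
        req.setBody(body);
        return new Http().send(req);
    }
}
```

For step 3, the "Protected" visibility on a custom setting or custom metadata type hides the value from subscriber orgs and from Apex outside the package namespace; inside the org that owns it, users holding Customize Application can still read it in Setup, so that permission and Author Apex should be limited to the people who are allowed to see the key. Keep the value out of System.debug output and out of any field exposed to Lightning or the API.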

AI Recommended Enhancement

Related Security Rules

- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- ProtectSensitiveData
Recommended Answer Update
Unchanged from the current answer above.
Reasoning
The FAQ content is accurate and well-structured, addressing the core security issue of hardcoded sensitive data in Apex static variables. No changes to the answer are needed as it provides clear, actionable steps that align with security best practices. I selected four related security rules:

1. AvoidHardcodedCredentialsInFieldDecls - This rule directly relates to the FAQ's scenario of 'a key stored as a static variable', which would be detected as a field declaration containing hardcoded credentials.
2. AvoidHardcodedCredentialsInVarDecls - This rule applies to the specific case mentioned in the FAQ question about keys in static variables, which are variable declarations.
3. AvoidHardcodedCredentialsInVarAssign - This rule covers scenarios where sensitive data might be assigned to variables, complementing the static variable storage issue.
4. ProtectSensitiveData - This is the overarching rule that addresses the general principle of protecting sensitive data that the FAQ is teaching, encompassing the broader security concern beyond just hardcoded credentials.