Encrypted Key-Value Pairs


Here’s the use case:

I have an API Secret Key that I need to use in a Snap, but I don’t want it to be stored in plain text. Can we have the concept of an encrypted key-value pair, similar to how passwords on accounts are encrypted, that I can use in my pipelines? Ideally I could set these up in a similar way that accounts in a project folder are set up, and then add it to a Pipeline so I can use them the same way pipeline parameters are used (e.g.: _name).


1 Like

Which Snap in particular, one of the REST snaps?

The specific use case I’m trying to solve for is a Script snap.

What you can do for the time being is to use “Encrypt Field” and “Decrypt Field” snaps. Encrypt it then store it locally in an SLDB file or in a DB then decrypt it on the fly as you needed it. I know this is isn’t ideal but it addresses your needs to some extent.

I second this request. I have an “API” endpoint I need to use, but they require the credentials be POSTed as query parameters.

I can’t use an Account object, and the Encrypt/Decrypt options have the key available… So anyone with access to the pipeline can extract the credentials.

But now I realize that even the encrypted credentials can be extracted, since you can just point a REST or DB snap at an endpoint you control and read the values that are sent.

This suggestion is still valuable though, as it would help in abstracting credentials of this type out of the pipeline.

I now see the Transform->Passphrase-based Key option for an account I had previously missed, so aleung’s answer makes more sense.