+ Start a Discussion
Yogesh BiyaniYogesh Biyani 

Help removing credentials from apex

Here is the current code and as you can tell the credentials are visible to anyone accessing the code. How can we remove it from the code? 
String myString = 'somekey:somepassword';
        Blob myBlob = Blob.valueof(myString);
        String authorization1 = 'basic ' + EncodingUtil.base64Encode(myBlob);
        HttpRequest req = new HttpRequest();
        req.setHeader('Authorization', authorization1);
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        Http http = new Http();
        HTTPResponse res = http.send(req);

I reviewed Named Credentials but am thrown off with the 64 bit encoding requirement. Thanks in advance for your help.

Raj VakatiRaj Vakati
You can move them in the custom setting to custom metatadat or named credentials

even you can store in the files 

These are the differnt ways 

Option 1 : Named credentials 

A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. Salesforce manages all authentication for Apex callouts that specify a named credential as the callout endpoint so that your code doesn’t have to. You can also skip remote site settings, which are otherwise required for callouts to external sites, for the site defined in the named credential.

Refer this link 

HttpRequest req = new HttpRequest();
Http http = new Http();
HTTPResponse res = http.send(req);

Option 2 : Platform Encryption wih Custom Objects 

Create a custom object with create a field with  the platform encryption  .. in this case too access your key we need manage encryption key permission to view the data 

Option 3:  Use Custom Settings 


Option 4 : Custom Metadata 


Option 6 :You can store in the files and attachments and encrypt them 

Yogesh BiyaniYogesh Biyani
Hello Raj,

Thanks for the list of options. I will try and let you know it goes.