+ Start a Discussion
Yogesh BiyaniYogesh Biyani 

Help removing credentials from apex

Here is the current code and as you can tell the credentials are visible to anyone accessing the code. How can we remove it from the code? 
String myString = 'somekey:somepassword';
        
        Blob myBlob = Blob.valueof(myString);
        
        String authorization1 = 'basic ' + EncodingUtil.base64Encode(myBlob);
        HttpRequest req = new HttpRequest();
        
        req.setEndpoint('https://api.somesite.com/token');
        req.setMethod('POST');
        
        req.setBody('grant_type=client_credentials');
        
        req.setHeader('Authorization', authorization1);
        
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        
        Http http = new Http();
        
        HTTPResponse res = http.send(req);

I reviewed Named Credentials but am thrown off with the 64 bit encoding requirement. Thanks in advance for your help.

Yogesh
Raj VakatiRaj Vakati
You can move them in the custom setting to custom metatadat or named credentials

even you can store in the files 

These are the differnt ways 

Option 1 : Named credentials 

A named credential specifies the URL of a callout endpoint and its required authentication parameters in one definition. Salesforce manages all authentication for Apex callouts that specify a named credential as the callout endpoint so that your code doesn’t have to. You can also skip remote site settings, which are otherwise required for callouts to external sites, for the site defined in the named credential.


Refer this link 

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_callouts_named_credentials.htm
 
HttpRequest req = new HttpRequest();
req.setEndpoint('callout:My_Named_Credential/some_path');
req.setMethod('GET');
Http http = new Http();
HTTPResponse res = http.send(req);
System.debug(res.getBody());


Option 2 : Platform Encryption wih Custom Objects 

Create a custom object with create a field with  the platform encryption  .. in this case too access your key we need manage encryption key permission to view the data 

 
Option 3:  Use Custom Settings 

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_customsettings.htm

Option 4 : Custom Metadata 


https://trailhead.salesforce.com/en/content/learn/modules/custom_metadata_types



Option 6 :You can store in the files and attachments and encrypt them 

 
Yogesh BiyaniYogesh Biyani
Hello Raj,

Thanks for the list of options. I will try and let you know it goes.

Yogesh