function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
koshkosh 

Using encrypted api keys

Hi,

I'm looking for patterns that other teams have used in the following scenario -

- An action by a logged in customer service rep, results in an api call to our service.

Now, the API call will need to have authorization headers, which is built with an API key. If I (as an admin dev-ops) store the API key in an encrypted config field, how would it be accessible to the apex workflow initiated by the customer service rep?

The easiest solution is to give to my customer service agent's profile, the ability to read encrypted field...but it feels like it defeats the purpose obscuring/securing the config from people other than admin devops folks like myself. How have people worked around having to store and use encrypted API keys and APEX callouts?