+ Start a Discussion
Dippan PatelDippan Patel 

Storing sensitive data using custom settings

Hi All, 

I have hardcoded client id and client secret in my code. Salesforce review mentioned to use protected custom settings to store sensitive information. 

So, I created a protected custom setting with two fields client id and client secret. I saved the values in it at  Default Organization Level Value. This custom setting is added to my managed package.

I am able to access it in the developer org, but if my package is installed in another org, it returns null. Below is the code used to access the client id
Access_Key__c authTokenSetting = Access_Key__c.getOrgDefaults();
String rawcryptoKey = authTokenSetting.UniqueEntry__Crypto_Key__c;
System.debug(LoggingLevel.DEBUG, 'Raw crypto key:    ' + rawcryptoKey);

 
Best Answer chosen by Dippan Patel
kumud thakur 20kumud thakur 20
I am not sure why does not work for you . I created one heirarchy custom setting in my org and below code is working.
system.debug(Dreamhouse_Settings__c.getInstance());
system.debug(Dreamhouse_Settings__c.getInstance().name);

Dreamhouse_Settings__c is a heirarchy custom setting and getInstance return the complete record. 
Dreamhouse_Settings__c.getInstance().name return the name of the record. 
May be you can try to use list custom setting.

All Answers

kumud thakur 20kumud thakur 20
Hi Dippan

Custom setting is like an object and your two fields value store as a data. When you move the apex code or custom setting from one org to another you need to add values in the custom setting. 

Please insert the data and try.
Dippan PatelDippan Patel
Hi Kumud. 

Thanks for your reply. I've already added values in the custom setting by clicking on manage and then save. Do you mean this? User-added image
kumud thakur 20kumud thakur 20
I am not sure why you create a hierarchy type of custom setting, you can also use list setting but any way,please try with below code :


    //getOrgDefaults() returning empty object/null when API >23.0, so update custom setting
    if (Access_Key__c.getInstance() == null) {
        upsert new Access_Key__c (SetupOwnerId = Userinfo.getOrganizationId());   // if get null update the setting       
    }
      
      
   
      String rawcryptoKey = Access_Key__c.getInstance().UniqueEntry__Crypto_Key__c;
    System.debug(LoggingLevel.DEBUG, 'Raw crypto key:    ' + rawcryptoKey);
Dippan PatelDippan Patel
getInstance() is also giving null value. 

When I tried your code, Access_Key__c.getInstance() is not null so it doesn't upsert. But Access_Key__c.getInstance().UniqueEntry__Crypto_Key__c gives null.

Any idea why? 
kumud thakur 20kumud thakur 20
I am not sure why does not work for you . I created one heirarchy custom setting in my org and below code is working.
system.debug(Dreamhouse_Settings__c.getInstance());
system.debug(Dreamhouse_Settings__c.getInstance().name);

Dreamhouse_Settings__c is a heirarchy custom setting and getInstance return the complete record. 
Dreamhouse_Settings__c.getInstance().name return the name of the record. 
May be you can try to use list custom setting.
This was selected as the best answer