+ Start a Discussion

Safe to include encryption keys in Apex within a managed package?

I'm pretty sure the answer to my question is "yes", but let me throw it out there to see if anyone has a better recommendation.


I'm working on an application that will be available on the AppExchange that integrates with various Amazon Web Services.


Within the Apex code, I need to include my Amazon access key and encryption key into the code so it can access some resources.


Since the Apex code will be in a managed package, I know that the source code is not accessible by a customer, so it should be okay that I leave my access key and encryption key within the code, right?  Does anyone have a better suggestion?


Essentially, can I trust that the source code isn't accessible by anyone but me?