Ishaan Uppal

Custom Settings Initialization for Sensitive Credentials

Background:

 

We are developing an application where we need to make HTTP callouts to our external web services. A few of our web services require encrypting request content using a Secret Key issued by our servers. We need to store and use this SecretKey from the APEX code of our SF app. As per the Salesforce security recommendation here, we plan to use CustomSettings in APEX to store this SecretKey. However, Salesforce documentation says that only CustomSettings definitions are included in the package and not data.

 

Question:

When and how should I initialize the CustomSettings to store this SecretKey? I investigated this and came to know that we should do the initialization in the post-install script. Should I create a post-install script, hardcode the secret key there, and initialize the CustomSettings using that? Salesforce documentation also says to never hard-code sensitive information in the APEX code. So, I am not able to figure out a better way to initialize the custom settings.


All Answers

Bhawani Sharma
If this will be different for all the customers, then you definitely need to mention that in the post-installation manual steps. You can give a guide to the user on how to configure that.
If this will be the same for all the customers, then you can have this in the post-installation script.
Ishaan Uppal

Thanks. It will be the same for all customers. So, I should be hard-coding this in the post-install script, correct?

Bhawani Sharma
Yes
This was selected as the best answer
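
The post-install initialization discussed in this thread, sketched as an added example (not code from either poster or from Salesforce). It assumes a hierarchy custom setting with Protected visibility; `Callout_Secret__c`, `Secret_Key__c`, the class names and the key value are hypothetical placeholders.

```apex
// Added example. Callout_Secret__c / Secret_Key__c are hypothetical names for
// a Protected hierarchy custom setting and its text field.
global class SecretKeyPostInstall implements InstallHandler {

    // Placeholder; the thread's approach puts the shared key here.
    private static final String SHARED_KEY = 'REPLACE_WITH_ISSUED_KEY';

    global void onInstall(InstallContext context) {
        // getOrgDefaults() returns an empty record (null Id) when the
        // subscriber org has no org-level row yet.
        Callout_Secret__c cfg = Callout_Secret__c.getOrgDefaults();

        // Seed on first install, or on upgrade when the value is missing;
        // never overwrite a key that is already stored.
        if (cfg.Id == null || String.isBlank(cfg.Secret_Key__c)) {
            if (cfg.Id == null) {
                cfg.SetupOwnerId = context.organizationId();
            }
            cfg.Secret_Key__c = SHARED_KEY;
            upsert cfg;
        }
    }

    // Callout code inside the package reads the key at run time from the
    // setting instead of referencing the constant directly.
    public static String secretKey() {
        return Callout_Secret__c.getOrgDefaults().Secret_Key__c;
    }
}

// Separate file: packaging requires test coverage for the install handler.
@isTest
private class SecretKeyPostInstallTest {
    @isTest
    static void seedsOnceAndKeepsExistingValue() {
        // A null version simulates a fresh install.
        Test.testInstall(new SecretKeyPostInstall(), null);
        System.assertEquals('REPLACE_WITH_ISSUED_KEY',
                            SecretKeyPostInstall.secretKey());

        // Simulate a subscriber-side change, then an upgrade from 1.0.
        Callout_Secret__c cfg = Callout_Secret__c.getOrgDefaults();
        cfg.Secret_Key__c = 'rotated-value';
        update cfg;
        Test.testInstall(new SecretKeyPostInstall(), new Version(1, 0));
        System.assertEquals('rotated-value', SecretKeyPostInstall.secretKey());
    }
}
```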