Hi,

We have an Apex app that will make occasional web service calls to our own web site. We use OAuth to authenticate the SF user against our provider. In order to successfully make the call from SF to us, our Apex app needs to know the consumer key and secret required to create and sign the request.

We need to store the consumer key and secret somewhere in SF, but it needs to be protected. Ideally, we would like these values to be shipped with our managed package so our customers do not need to manually enter the key and secret into Salesforce.

Is there a best practice to include sensitive information, particular the OAuth consumer key and secret, in a SF managed package? If not, what are the alternatives?

Thanks,

Steve