Rocksmash

Reputation: 103

Best way to secure 3rd party api key in MongoDB

I have a specific use case in my application to store users' 3rd party API keys to retrieve data from those 3rd parties. It is a web application and I am using Express as well as MongoDB for the database.

Is there a specific way to best secure it (I need to access the actual key multiple times after it's stored)? Or should I not be storing these at all?

If not, what solutions do you have to get around this problem?

Upvotes: 1

Views: 1200

Answers (1)

kevinadi

Reputation: 13805

If you're storing the keys in MongoDB, this might be a good use case for Client-Side Field Level Encryption introduced in MongoDB 4.2.

From the page:

Applications can encrypt fields in documents prior to transmitting data over the wire to the server. Only applications with access to the correct encryption keys can decrypt and read the protected data. Deleting an encryption key renders all data encrypted using that key as permanently unreadable.

See Client-Side Field Level Encryption Guide for an example use case.

Note that some of the nicer features of Field Level Encryption, such as automatic encryption of fields so the encrypted field can be transparently used by the drivers, are MongoDB Enterprise Edition features and not Community Edition features. However, MongoDB Atlas uses the Enterprise Edition as standard.

Upvotes: 0
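The idea behind the answer above (encrypt the field in the application before it is sent to the server), shown as an added example that is not part of the original answer and is not MongoDB's Client-Side Field Level Encryption API: it uses AES-256-GCM from Node's built-in `crypto` module as a stand-in. The names `MASTER_KEY`, `aadFor`, `sealApiKey`, `openApiKey` and `canOpen`, and the document field names, are assumptions made for this sketch.

```javascript
const crypto = require('node:crypto');

// Constructed demo key. Assumption: in a real deployment the 32-byte master key
// is loaded from a KMS or secret manager, never stored in the same database.
const MASTER_KEY = crypto.randomBytes(32);

// AAD ties a ciphertext to one user and provider, so a value copied into
// another user's document fails authentication instead of decrypting.
const aadFor = (userId, provider) => Buffer.from(JSON.stringify([userId, provider]));

// Build the document to store (e.g. with insertOne); the plaintext key never leaves the app.
function sealApiKey(masterKey, userId, provider, apiKey) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', masterKey, iv);
  cipher.setAAD(aadFor(userId, provider));
  const ct = Buffer.concat([cipher.update(apiKey, 'utf8'), cipher.final()]);
  return {
    userId,
    provider,
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Recover the plaintext; throws if the key, document fields or ciphertext were altered.
function openApiKey(masterKey, doc) {
  const iv = Buffer.from(doc.iv, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', masterKey, iv);
  decipher.setAAD(aadFor(doc.userId, doc.provider));
  decipher.setAuthTag(Buffer.from(doc.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(doc.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Boolean wrapper: true only when the document authenticates under this key.
function canOpen(masterKey, doc) {
  try { openApiKey(masterKey, doc); return true; } catch { return false; }
}
```

A database dump alone then yields only `iv`, `ct` and `tag`; destroying the master key makes every stored value unreadable, matching the behaviour quoted in the answer.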
