How to store API keys?

short question about security.
Is this the right way to work with API Keys in Activepieces? These are there (red arrow in the image) in plain text. I actually know that these are displayed in encrypted form.

Quick question also about the publish button.
This only makes the flow ready for productive use, right?
A publication of the flow is not coupled to it?

1 Like

Hi @Ben

  1. Regarding API Keys:
    a) Yes, headers are the right place to put them in an HTTP request. I’m not sure what you mean by they’re displayed in an encrypted form but they are not visible to anyone other than you.

    b) Security-wise, we don’t encrypt those before storing them yet. We only encrypt the keys that are added under the Connection option in apps pieces, like Google Sheets for example.

    c) We’re planning to add a custom type of Connections so you can add API keys there and use them in an HTTP request with a higher level of security.

    d) Be careful when you share the flow with someone or share your Activepieces with other users as this is displayed in your account without protection. Remove key if you share the flow as a template, and only share your Activepieces account with trusted users.

  2. Regarding Publish: Yes, you click this button to save changes to your flow in a production state. This means the changes you made will take effect in real life. It’s a great way to protect your running flows from being mistakenly changed without your confirmation.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.