How does your organization handle developer application key/secret?

Not applicable

This is a question for developers/infrastructure support people from other companies. Our organization treats key/secrets as a security artifact and that has caused us some usability issues when trying to hide those. How does your organization use developer key/secrets?

0 3 165
3 REPLIES 3

If you are referring to within Apigee - you can leverage Data Masking to hide these values, or use Role Based Access Control to disable developers using the trace tool in production.

If you are referring to the Client systems that are calling the APIs, then it would depend on the technologies you use. Please could you share details are your stack?

I was mainly referring to the information in the actual Apigee Edge tool itself rather than the key and secret in flight.

We're working on a modification to Apigee Edge UI and API that would show the key + secret once.

It would be a read-once data item. Is that what you're asking about @Eric Hickman ?

I don't have an expected delivery date or status on that change. Perhaps @Joel D'sa can comment.