What is the Mendix best practise for storing passwords one needs for calling 3rd party rest services.

3
Hi there What is the Mendix best practise for storing passwords one needs for calling 3rd party rest calls.  We integrate with many systems and we want to let the users setup there own options of integrations and licensing options. We dont necassary want to show the passwords that have been entered. If we use hash string we cant use it for the passwords in the rest calls.  Ive read through other questions on the forum, and it looks like i must use encryption to encrypt and decrypt the password or just not show it unless it needs to be changed.   So the questions is…. Is there a best practise to use, that is easy and fast to store passwords securely?   Regards, Patrick   
asked
2 answers
5

Hi Patrick,

You could use the encryption module to encrypt and decrypt user submitted passwords in the database.

Please note that if you set the encryption key in a constant and commit the value to the team server all developers that have access to the repository will see this key! 

Greetings,
Niels

answered
0

Hi Patrick,

I think the best and easiest way to do this is in constants.
https://docs.mendix.com/refguide/constants

To see (and edit) this constants you need a Mendix developer account and on a production environment there is a two factor authentication required.

I think this is much saver then in a field in the database.

Regards Cillus

answered