
Best practices for managing secret API keys

API Key Security Best Practices for Integrators

As an integrator, managing API keys securely is crucial to prevent unauthorized access and potential data breaches. The Kiln Connect API cannot perform operations on your stakes or access your funds; its main use is reporting. A leaked key therefore exposes the information the API reports on rather than your assets, but it still has to be handled as a secret. The following are general good practices for API keys:

Key Generation and Storage

  1. Key generation and sharing: Ideally, you should have direct access to Kiln's Dashboard so that you can generate your API key yourself and store it securely right away. Be extra careful when sharing the key internally: use only secure communication channels and share it with as few people as possible.

  2. Avoid Embedding Keys in Code: Never embed API keys directly in your application code, in files checked into version control, or in client-side scripts, which anyone can read. Hard-coded keys are easily exposed and, once exposed, easily misused.

  3. Secure Key Storage: Store API keys in environment variables, a secrets manager or key management system, or an encrypted configuration file with restricted file permissions. Never store keys in plaintext or in unsecured locations, and keep them out of logs and error messages.
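The following is an added example, not Kiln's own code, of the three points above in practice: the key is read from the environment instead of the source tree, the process refuses to start without it, a logging filter keeps it out of log output, and a small heuristic scan flags credentials that were hard-coded in source. The variable name KILN_API_KEY, the Bearer header format and the sample source text are assumptions made for this example.

```python
# Added example, not Kiln's own code: load the API key from the environment,
# fail closed when it is missing, keep it out of logs, and flag keys that
# were hard-coded in source. The variable name KILN_API_KEY and the Bearer
# header format are assumptions made for this example.
import logging
import os
import re
from typing import List, Mapping, Optional

ENV_VAR = "KILN_API_KEY"  # assumed name; use whatever your deployment defines


class MissingApiKey(RuntimeError):
    """Raised when no key is configured; better than sending an empty Bearer token."""


def load_api_key(env: Optional[Mapping[str, str]] = None) -> str:
    """Read the key from the process environment (or a mapping, for tests)."""
    source = os.environ if env is None else env
    key = source.get(ENV_VAR, "").strip()
    if not key:
        raise MissingApiKey(f"{ENV_VAR} is not set; refusing to start without a key")
    return key


def auth_headers(key: str) -> dict:
    """Request headers; the key lives only in memory, never in a config file."""
    return {"Authorization": f"Bearer {key}", "Accept": "application/json"}


def mask(key: str) -> str:
    """Show only the last 4 characters so a key can be identified in logs."""
    if len(key) <= 4:
        return "*" * len(key)
    return "*" * (len(key) - 4) + key[-4:]


def scrub(text: str, key: str) -> str:
    """Replace any occurrence of the key in free text (log lines, error messages)."""
    return text.replace(key, mask(key)) if key else text


class RedactKeyFilter(logging.Filter):
    """Logging filter that scrubs the key from every record before it is emitted."""

    def __init__(self, key: str):
        super().__init__()
        self._key = key

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = scrub(str(record.msg), self._key)
        if isinstance(record.args, tuple):
            record.args = tuple(
                scrub(a, self._key) if isinstance(a, str) else a for a in record.args
            )
        return True


# Heuristic: an assignment or JSON/YAML field whose name looks like a credential
# and whose value is a quoted token of 16+ characters. Tune it for your codebase.
HARDCODED_KEY = re.compile(
    r"""(?i)\b(api[_-]?key|token|secret)\b\s*[:=]\s*["'][A-Za-z0-9_\-]{16,}["']"""
)


def find_hardcoded_keys(source: str) -> List[int]:
    """Return 1-based line numbers that appear to contain a literal credential."""
    return [n for n, line in enumerate(source.splitlines(), 1) if HARDCODED_KEY.search(line)]


# Constructed sample: line 2 embeds a literal key, line 3 reads it from the environment.
SAMPLE_SOURCE = """import os
API_KEY = "k1ln_0123456789abcdef0123456789"
api_key = os.environ["KILN_API_KEY"]
headers = {"Authorization": "Bearer " + api_key}
"""

if __name__ == "__main__":
    key = load_api_key({ENV_VAR: "k1ln_0123456789abcdef0123456789"})  # constructed value
    log = logging.getLogger("kiln-client")
    log.addFilter(RedactKeyFilter(key))
    logging.basicConfig(level=logging.INFO)
    log.info("using key %s", key)               # logs ...6789, never the full key
    print(auth_headers(key)["Accept"])
    print(find_hardcoded_keys(SAMPLE_SOURCE))   # [2]
```

The scan is deliberately a coarse heuristic for a pre-commit hook; a dedicated secret scanner will catch more, but even this catches the common case of a key pasted into an assignment.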

Key Usage and Rotation

  1. Principle of Least Privilege: Grant an API key only the permissions the application actually needs, so that a compromised key has limited impact. Note that the current version of the API does not support setting permissions on an API key: every key has access, by default, to all information in your organization. Until scoped keys are available, treat each key as fully privileged and limit who and what can use it instead.

  2. Key Rotation: Implement a regular key rotation schedule to limit how long a leaked key remains usable. Rotate keys on a fixed schedule and immediately whenever a compromise is suspected or confirmed.

  3. Revoke Compromised Keys: Have a process in place to revoke and replace a compromised API key as soon as it is detected. How to perform this operation is described in the user documentation.
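As an added example (not Kiln's code) of the rotation and revocation process described in items 2 and 3, here is an integrator-side key inventory. Generating and revoking keys still happens in Kiln's Dashboard; this code only decides which key the application presents, reports when the key is due for scheduled rotation, keeps the previous key alive for a short overlap window after a planned rotation so that instances that have not yet picked up the new key keep working, and cuts a compromised key off immediately with no overlap. The 90-day rotation period, the 24-hour overlap, the key identifiers and the timeline are assumptions made for this example.

```python
# Added example, not Kiln's own code: an integrator-side inventory that
# decides which key the application presents, flags keys that are due for
# scheduled rotation, keeps the previous key alive for a short overlap after
# a planned rotation, and cuts a compromised key off immediately. Creating
# and revoking the keys themselves is done in Kiln's Dashboard; the rotation
# period and overlap below are assumed policy values, not Kiln's.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

ROTATION_PERIOD = timedelta(days=90)  # assumed policy: rotate quarterly
OVERLAP = timedelta(hours=24)         # assumed: old key stays valid this long after a planned rotation


@dataclass
class ApiKey:
    key_id: str                            # an identifier for the key, never the secret itself
    created_at: datetime
    revoked_at: Optional[datetime] = None  # when the key stops being valid

    def is_valid(self, now: datetime) -> bool:
        return self.revoked_at is None or now < self.revoked_at


class KeyRing:
    """Tracks every key the organization has issued and which one is in use."""

    def __init__(self) -> None:
        self.keys: Dict[str, ApiKey] = {}
        self.current: Optional[str] = None

    def add(self, key_id: str, now: datetime) -> str:
        if key_id in self.keys:
            raise ValueError(f"{key_id} already registered")
        self.keys[key_id] = ApiKey(key_id, now)
        if self.current is None:
            self.current = key_id
        return key_id

    def active_key(self, now: datetime) -> str:
        """Key to put in the Authorization header; fails closed if none is valid."""
        key = self.keys.get(self.current) if self.current else None
        if key is None or not key.is_valid(now):
            raise RuntimeError("no valid API key available; generate one in the Dashboard")
        return key.key_id

    def due_for_rotation(self, now: datetime) -> bool:
        return now - self.keys[self.active_key(now)].created_at >= ROTATION_PERIOD

    def rotate(self, new_key_id: str, now: datetime) -> str:
        """Planned rotation: switch to the new key, retire the old one after OVERLAP."""
        old = self.keys[self.active_key(now)]
        self.add(new_key_id, now)
        self.current = new_key_id
        old.revoked_at = now + OVERLAP  # revoke it in the Dashboard once this passes
        return old.key_id

    def revoke_now(self, key_id: str, now: datetime) -> Optional[str]:
        """Compromise response: no overlap; fall back to the newest still-valid key, if any."""
        self.keys[key_id].revoked_at = now
        if self.current == key_id:
            candidates = [k for k in self.keys.values() if k.is_valid(now)]
            self.current = max(candidates, key=lambda k: k.created_at).key_id if candidates else None
        return self.current

    def status(self, now: datetime) -> Dict[str, str]:
        """Inventory view for an audit: active, in overlap grace period, or revoked."""
        return {
            k.key_id: ("revoked" if not k.is_valid(now)
                       else "active" if k.key_id == self.current else "grace")
            for k in self.keys.values()
        }


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)      # constructed timeline
    ring = KeyRing()
    ring.add("key-a", t0)
    t1 = t0 + ROTATION_PERIOD
    print(ring.due_for_rotation(t1))                     # True: scheduled rotation is due
    ring.rotate("key-b", t1)
    print(ring.status(t1 + timedelta(hours=1)))          # key-a in grace, key-b active
    ring.revoke_now("key-b", t1 + timedelta(hours=2))    # suspected leak of key-b
    print(ring.active_key(t1 + timedelta(hours=2)))      # key-a, still inside its overlap window
```

Two design points matter here. A planned rotation gives the old key an overlap window so that a deploy can be staged, but a compromise revokes with no grace at all and the fallback is only whatever other key is still valid, which in the scenario above is the soon-to-expire previous key; the operator then has to generate a fresh key in the Dashboard before that window closes, and `active_key` fails closed rather than silently sending a revoked key.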

By following these practices you significantly reduce the risk that a leaked API key leads to unauthorized access to your organization's data. For any questions, contact Kiln's support.