-1

I am building a website that’s gonna have a pay system that works with the Mollie API. In particular, the website needs to send users a payment link for their ordered products. To accomplish that, Mollie needs to authenticate with an API key. So I need to store the API key somewhere safely.

So my idea is to use AES Symmetric Cipher encryption when the admin registers his API key (CMS). With this encryption I need only one key to decrypt and encrypt the API key. I was thinking of using the plain text password of the admin as the key, because I don’t store this value (I hash the passwords), so it’s only available when the admin types his password. So when the admin wants to send a payment to a user, the website will ask for his password.

So my question is: Is this a safe way of storing the API key?

Sorry for my bad English, it's not my native language.

Stan
  • Not sure I understand: the admin manually sends things to the user? – root Feb 23 '20 at 00:40
  • In any case, it is very unlikely that this is a good/safe way to store the API key. – root Feb 23 '20 at 00:41
  • Yes, the admin of the website needs to check certain things before he accepts the request of the ordered products (uploaded by the user), because he first needs to check if he is able to make those products (3D printing models). But if you think it's not a good/safe way, what should I change? Or what is wrong with my approach? – Stan Feb 23 '20 at 01:49

1 Answer

2

First, API secrets and passwords have different lifecycles (key rotation & password change policies), and possibly different complexity requirements.

Second, the admin's plaintext password shouldn't be used for anything other than signing the admin in. Don't put all your eggs in one basket - you want to limit the scope of damage in case a secret gets compromised.

You would be better off just creating a separate secret for API key encryption/decryption, and storing it in some secret management e.g. Vault, AWS secrets, etc.

If you want to avoid storing the API key altogether, and you're fine with the admin just remembering it, then you can have the admin manually enter the secret, like a second password, but in any case it would be bad practice to couple it with the admin's sign-in password.

root
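
An added example (not part of the answer above, and not code from Mollie or any tool named on this page) of the separate-secret approach the answer recommends: the API key is sealed with AES-256-GCM under a dedicated random key that would be fetched from a secret manager, so nothing depends on the admin's sign-in password. The `aad` label, the sample API key and the in-process key generation are constructed stand-ins, and Go is an assumption since the page names no language.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var aad = []byte("cms:mollie-api-key") // hypothetical label tying a blob to its record

// NewAEAD builds AES-GCM from a dedicated encryption key, never the admin password.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("encryption key must be 32 random bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts apiKey and returns nonce || ciphertext || tag for storage.
func Seal(gcm cipher.AEAD, apiKey []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, apiKey, aad), nil
}

// Open authenticates and decrypts a blob produced by Seal.
func Open(gcm cipher.AEAD, blob []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("stored blob is too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], aad)
}

func main() {
	key := make([]byte, 32) // constructed stand-in for the key a secret manager returns
	rand.Read(key)
	gcm, _ := NewAEAD(key)
	blob, _ := Seal(gcm, []byte("test_constructedSampleApiKey"))
	plain, err := Open(gcm, blob)
	fmt.Printf("stored %d bytes, recovered %q, err=%v\n", len(blob), plain, err)
}
```

Because the encryption key is independent of any password, it can be rotated by decrypting with the old key and sealing with a new one, without touching admin accounts.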