1

I am using Botkit to create a Slack bot. This bot will make calls to another service which requires different credentials. I would like to let the user securely store & retrieve this other service's credentials using their Slack credentials. I would also like to make sure that only the user is able to decrypt these credentials.

I considered and tried searching for some of the following options, but have had no luck:

  1. Store the API key in some secured storage in Slack linked to the user.
  2. Encrypt the API key using the Slack user's credentials and store it on the Botkit Mongo DB.

What is the best way to securely store and retrieve this second key?

Syntle
  • 5,168
  • 3
  • 13
  • 34
James W
  • 39
  • 5

1 Answers1

0

No. The Slack API does not provide any functionality of securely storing API keys for 3rd party services. You have to implement that yourself in your app.

Erik Kalkoken
  • 30,467
  • 8
  • 79
  • 114