A developer has just completed the configuration of an API that connects sensitive internal systems.
Based on company policies, the security of the data is a high priority.
Which approach must be taken to secure API keys and passwords?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The correct approach to secure API keys and passwords is to store them in a secure manner, and to change them periodically.
Option A, embedding them directly in the code, is not a recommended approach as it makes the sensitive information vulnerable to theft or misuse if the code is compromised or shared with unauthorized parties.
Option B, storing them in a hidden file, is a better approach as it provides a level of protection from unauthorized access. However, it is important to ensure that the file is adequately protected and not easily discoverable.
Option C, storing them inside the source tree of the application, is not recommended as it makes the sensitive information easily accessible to anyone who has access to the application's source code.
Option D, changing the API keys and passwords periodically, is also a crucial aspect of maintaining security. This ensures that even if the keys or passwords are compromised, they will only be useful for a limited period of time, reducing the risk of data breaches.
In summary, the recommended approach for securing API keys and passwords is to store them in a secure manner (such as a hidden file), and to change them periodically to reduce the risk of data breaches.