Actually this has nothing to do with IDEs and am not aware of any that integrate with such functionality.
The general consensus for managing users secrets (API keys, Databases credentials,...) is to use a secrets management system. Many of the public clouds providers have this kind of service (AWS Secrets Manager, GCP secrets manager, Azure Key Vault, ...) if you're on premises opensource tools do exist (Hashicorp vault, Square Keywhiz). Spring framework seems to support many of them. Github do have a secrets scanning tool that recognize many of public APIs. Other tools are available to scan source code for secretes and can be configured as pre-commit hook (Yelp Detect Secrets come to mind). HTH, --Daoud On Fri, May 22, 2020 at 10:27 PM Alonso Del Arte <alonso.dela...@gmail.com> wrote: > This is somewhat of a general Java question, but I do believe it has an > IDE-specific component. > > What are the best practices for storing and retrieving API keys in Java > programs? And what help does NetBeans offer for adhering to those best > practices? > > Suppose for example that your key for an example widget API is > "555EXAMPLE." You could certainly write "private final static String > API_KEY = "555EXAMPLE";" and then each time you need the key, you write " > API_KEY" where it's needed. > > String query = "https://www.example.com/api/q="; + sendParams + "&key=" + > API_KEY; > URL queryURL = new URL(query); > HttpURLConnection conn = (HttpURLConnection) queryURL.openConnection(); > conn.setRequestMethod("POST"); > // etc. > > But then I might forget about the API key and upload the source file to a > public GitHub repository (maybe GitHub would alert us, but I don't know for > sure). > > I suppose I could store the API key in a file or folder listed in the Git > Ignore, and then create a class to store and retrieve API keys, but that > would probably feel like I'm reinventing the wheel... > > Alonso del Arte > Author at SmashWords.com > <https://www.smashwords.com/profile/view/AlonsoDelarte> > Musician at ReverbNation.com <http://www.reverbnation.com/alonsodelarte> >
