> ¿Does netbeans provide a "keyring" of some sorts where user credentials are stored, and is such a store accessible through an API?
http://bits.netbeans.org/dev/javadoc/org-netbeans-modules-keyring/overview-summary.html > Actually this has nothing to do with IDEs and am not aware of any that integrate with such functionality. But if GitHub is able to show users some warning about leaking secretes, surely the IDE can also do something in this area? Right now NetBeans does not touch this, but I think it could. --emi On Sat, May 23, 2020 at 6:23 AM Juan Algaba <jalg...@colef.mx> wrote: > > And what help does NetBeans offer for adhering to those best practices? > > I'm currently developing new features to an existing FTP netbeans > plugin and currently store the password as plain text. > ¿Does netbeans provide a "keyring" of some sorts where user > credentials are stored, and is such a store accessible through an API? > My guess is that there is one because NB remembers my remote > repository credentials. > > On Fri, May 22, 2020 at 4:58 PM Scott Palmer <swpal...@gmail.com> wrote: > > > > Or if you are less paranoid, store and retrieve it with the Java > Preferences API. Encrypt it so it isn’t stored in plaintext. The User > preferences should be isolated from other user’s access. If your software > requires a user to authenticate in any way, use that authentication in the > encryption so there are no hard coded keys in the code. > > > > Scott > > > > On May 22, 2020, at 7:42 PM, Daoud Abdelmonem Faleh < > abdelmonem.fa...@gmail.com> wrote: > > > > > > Actually this has nothing to do with IDEs and am not aware of any that > integrate with such functionality. > > > > The general consensus for managing users secrets (API keys, Databases > credentials,...) is to use a secrets management system. > > Many of the public clouds providers have this kind of service (AWS > Secrets Manager, GCP secrets manager, Azure Key Vault, ...) if you're on > premises opensource tools do exist (Hashicorp vault, Square Keywhiz). > Spring framework seems to support many of them. > > Github do have a secrets scanning tool that recognize many of public > APIs. Other tools are available to scan source code for secretes and can be > configured as pre-commit hook (Yelp Detect Secrets come to mind). > > > > HTH, > > --Daoud > > > > On Fri, May 22, 2020 at 10:27 PM Alonso Del Arte < > alonso.dela...@gmail.com> wrote: > >> > >> This is somewhat of a general Java question, but I do believe it has an > IDE-specific component. > >> > >> What are the best practices for storing and retrieving API keys in Java > programs? And what help does NetBeans offer for adhering to those best > practices? > >> > >> Suppose for example that your key for an example widget API is > "555EXAMPLE." You could certainly write "private final static String > API_KEY = "555EXAMPLE";" and then each time you need the key, you write > "API_KEY" where it's needed. > >> > >> String query = "https://www.example.com/api/q="; + sendParams + "&key=" > + API_KEY; > >> URL queryURL = new URL(query); > >> HttpURLConnection conn = (HttpURLConnection) queryURL.openConnection(); > >> conn.setRequestMethod("POST"); > >> // etc. > >> > >> But then I might forget about the API key and upload the source file to > a public GitHub repository (maybe GitHub would alert us, but I don't know > for sure). > >> > >> I suppose I could store the API key in a file or folder listed in the > Git Ignore, and then create a class to store and retrieve API keys, but > that would probably feel like I'm reinventing the wheel... > >> > >> Alonso del Arte > >> Author at SmashWords.com > >> Musician at ReverbNation.com > > > -- > > - Juan Algaba > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org > For additional commands, e-mail: users-h...@netbeans.apache.org > > For further information about the NetBeans mailing lists, visit: > https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists > >
