DEV Community

Discussion on: Best practices to generate and store API keys using Node.js?

 
shaileshkanzariya profile image
sk

I am using Node.js. So I am right now using "uuid/v1" to create API-Key and "Crypto.randomBytes(32)" to create API-Secret Key. How do you create these keys in your case?

Thread Thread
 
nagarjun profile image
Nagarjun Palavalli

What do you need KMS for? To encrypt your API keys/secrets before storing them in your database?

Thread Thread
 
shaileshkanzariya profile image
sk

I am looking for cloud-based mechanism/solution to create unique API and Secret Keys instead of using "uuid/v1" and "Crypto.randomBytes(32)"...

Thread Thread
 
nagarjun profile image
Nagarjun Palavalli • Edited

KMS isn't meant just for generating unique API keys. You are better off using UUID and the Crypto library to do that. They are both battle tested to create unique keys. You would use KMS as a way to encrypt/decrypt your keys before storing them in your database as you should not store keys and secrets in plain text in the database.

Thread Thread
 
shaileshkanzariya profile image
sk

Got it, thanks.