Best practice for storing API keys securely in a B2B SaaS

Question

My company builds B2B software that has integrations with other systems. These usually require an API key or similar.When connecting to these systems, we need the API key as plain text.What is the best practice for storing integrations API keys?Storing it as plain text in our DB, might be risky in case our DB is compromised.Thanks

lioeters · Accepted Answer

API keys are typically stored as environment variables:https://help.openai.com/en/articles/5112595-best-practices-f...

ayi · Answer

Deploying them as ENV values and reading from env is the best practice as far as I know. But "deploying" part depends on your infrastructure.