My go-to solution for this is Google's Key Management Service (KMS) in GCP. AWS has a similar offering too. It makes encryption/decryption easy and secure without too much engineering overhead or costs.
I have similar scenario, you said you used KMS. Means did you create API-Key and API-Secret keys using KMS for each user? If there are million/billion users then you create million/billion encryptions keys in KMS? As I read, KMS creates/manages encryption keys and NOT API/Secret Keys, please share details how did you implement it to help us.
You don't need to create new keys/secrets for each user. You need to create one key in KMS and use that key to encrypt/decrypt any number of strings. What language are you using to build your integration?
I am using Node.js. So I am right now using "uuid/v1" to create API-Key and "Crypto.randomBytes(32)" to create API-Secret Key. How do you create these keys in your case?
KMS isn't meant just for generating unique API keys. You are better off using UUID and the Crypto library to do that. They are both battle tested to create unique keys. You would use KMS as a way to encrypt/decrypt your keys before storing them in your database as you should not store keys and secrets in plain text in the database.
My go-to solution for this is Google's Key Management Service (KMS) in GCP. AWS has a similar offering too. It makes encryption/decryption easy and secure without too much engineering overhead or costs.
Thanks, because I am needing this type of solution, I will definitely search about this Google service you recommended, really thank you.
I have similar scenario, you said you used KMS. Means did you create API-Key and API-Secret keys using KMS for each user? If there are million/billion users then you create million/billion encryptions keys in KMS? As I read, KMS creates/manages encryption keys and NOT API/Secret Keys, please share details how did you implement it to help us.
You don't need to create new keys/secrets for each user. You need to create one key in KMS and use that key to encrypt/decrypt any number of strings. What language are you using to build your integration?
I am using Node.js. So I am right now using "uuid/v1" to create API-Key and "Crypto.randomBytes(32)" to create API-Secret Key. How do you create these keys in your case?
What do you need KMS for? To encrypt your API keys/secrets before storing them in your database?
I am looking for cloud-based mechanism/solution to create unique API and Secret Keys instead of using "uuid/v1" and "Crypto.randomBytes(32)"...
KMS isn't meant just for generating unique API keys. You are better off using UUID and the Crypto library to do that. They are both battle tested to create unique keys. You would use KMS as a way to encrypt/decrypt your keys before storing them in your database as you should not store keys and secrets in plain text in the database.
Got it, thanks.