All large cloud providers offer services such as a Secret Manager to safely store/retrieve say 3rd party API keys, certs or any other sensitive data.
Does Stytch offer such a product or is there another way to shape such functionality?
Maybe a little bit more context: my app needs to connect to 3rd party web services using API Keys and I don’t want to store those keys in my backend but rather want to use a secret store out there.
Hey Ben,
Thanks so much for posting!
Stytch doesn’t have a dedicated secret manager service at the moment - your Stytch API keys are available in your Stytch Dashboard and you can rotate your secret and public_token from the Dashboard directly.
Can you describe the functionality you’re looking for in a bit more detail? Are you imagining an API endpoint or service that allows you to manage your Stytch API keys programmatically, or a Stytch service that enables the management of other 3rd party secrets/API keys used in your application?
Hi Matt,
This is the example of a secret manager from Google:
Essentially, my app (backend) needs to connect to another 3rd party web service using an API Key. Instead of persisting the API keys for each of my users within my backend, I want to delegate the secure storing of said API keys within a secret manager.
In other words, when a user authenticates, my backend pulls in the required API Keys from the secret manager to be able to connect to multiple 3rd party services that themselves use the API Key as a secret for billing.
I found this blog on the Spring website:
Hey Ben,
Got it, thanks for clarifying the use case here!
Stytch doesn’t currently offer a similar service for secret management, but I’ll pass this along to our Product team as a feature request.
We do have offer a feature called User metadata, which allows you to store arbitrary metadata on a Stytch User object. Secret values like API keys shouldn’t be stored there (as such metadata is available on the User object itself), but you may be able to store something like a non-sensitive, public identifier that maps a given Stytch User to a database elsewhere, or to an identifier in the secrets manager service (or something similar).
That said, happy to answer any other questions you might have about this or anything else!