solution for key store

[bytesun]

For the case that app will integrate the 3rd party service, what is the way to store service key

[peterpeterparker]

On the IC or Juno, if you want to save a service key, the common approach is to store it in your backend—in Juno, this would be in a collection with permissions set as"controller." However, it's important to note that this approach is not entirely secure. For example, a compromised or malicious node provider could potentially access the canister's memory and extract the key.

Looking ahead, the VetKey proposal aims to offer some encoding mechanisms. However, based on its current design and what I heard, it appears to require the client to hold the private key, which may not be directly applicable for scenarios involving service keys.

In summary, it's probably acceptable to save keys in collections set as controllers if it does NOT require absolute, 100% security. For highly sensitive information, the risk of a compromised node provider accessing canister memory must be carefully considered.