How to Securely Store an API Key in Acumatica Customization Without Exposing It in Snapshots?

@jwestermann17

However, we noticed that this method still allows the key to be read as base64 from snapshot files, which can then be converted back to the actual key.

I don’t  think this observation is entirely correct.

There is ‘Encryption Certificates’ page in the system. If there is an encryption certificate created, the key will not be stored as base64, instead it’ll be encrypted with the certificate. Of course, on a dev machine you likely do not have the Encryption Certificate entered and thus you see it in base64. However, the live sites are supposed to have the certificates.

As for excluding things from snapshots, you can customize snapshot configurations. There are snapshot configs stored in \App_Data\SnapshotConfigs in a form of xml files. You can create new ones and modify existing ones and include it into a customization package. 

However, I must warn you that on versions of Acumatica before 24r2 there is no ‘merge’ of customizations of snapshot configs, so you must touch the existing ones only if it’s absolutely necessary.

Starting from 24r2, there are merge rules and better structure for snapshot customization.

Hello,

I've reviewed the developer and live environments provided by Haufe, and I couldn't find any encryption certificates. I'm unsure if it's possible for us to create our own encryption certificate, especially on existing live instances, since we only need it for a specific field at the moment. If it is possible, I would appreciate guidance on how to implement it.

Considering that our customer instances are primarily hosted by Haufe, I assume modifying the snapshot configurations might not be a reliable solution, as they could be overwritten with future updates. We won’t be able to upgrade until mid 2025.