Still hiding keys are we? 🙂 It’s easier to answer for normal conditions than for error conditions!
I’m not a security expert, but IMO clear text in the DB is OK because only privileged users can directly access the DB to view the key.
It’s OK in admin as well – provided it’s only displayed to privileged users, not anyone who happens to be logged in. Not necessarily super admin, unless your plugin is for multisite only. You could create custom capabilities like “view_api_key”, “edit_api_key”, etc. These could be assigned to particular users regardless of their assigned role.
For example, it’s possible for one particular author to be able to see the key, but no others. Or all admins can edit it, but only one super admin can, other supers cannot. The crux is who can grant these capabilities?
Perhaps the (super?) admin who first enters the key gets the power. They can decide who else can see or edit it, if anyone.
Thanks bcworkz…yeah, this is a conundrum I must resolve before I submit the plugin 🙂
For the heck of it, I installed a couple of different plugins requiring API keys. I submitted the info and checked the DB. It was written in cleartext. I then added an ‘admin’ user, and was able to see the API credentials when logging in with that account. So it’s apparent that others are doing it the way I currently am.
According to WPs roles and capabilities (https://codex.ww.wp.xz.cn/Roles_and_Capabilities), only admins and super-admins have access to plugins.
I think I’m safe keeping it as is 🙂
Thanks!
