Secure API Keys

[BlackWingedKing]

Hello, @cjdsellers,
Currently, we are expecting the API keys to be stored as environment variables. (so, anyone who has access to our current environment could read them)

I was wondering

1. If we could have encrypted keys stored as environment variables and decrypt them as we load them (so, it would be something like api_key = decrypt(os.getenv(...)))
2. It would be more secure to store the decrypted api_keys as secure or protected string instead of normal string?

Thank you.

[Troubladore]

If this is work you already had planned but would like help on, just let us know the pattern you were planning on and maybe we can submit a solution.

[eicnix]

I don't believe there is any feasible way in scope of a trading library to securely store secrets if an attacker has access to the system. While you could store the keys in an encrypted manner the decryption key would need to be in plaintext and thus be visible to an attacker.

Do you have a specific attack scenario in mind here?

[Troubladore]

My thought here is to increase the difficulty of compromising the system. Generally speaking, I'm thinking about protecting the data at rest (encrypted values in the ENV variables), and protected while in-use (decrypting values from ENV into secure strings alt alt rather than plaintext string arrays).

I haven't done this in Python, but I'm imagining it's fairly similar across languages. Here are a few examples I found Googling around that look similar to what I've seen in C#, PoSH, and JS:
https://www.example-code.com/chilkat2-python/rest_basic_auth_secure_strings.asp
https://towardsdatascience.com/python-and-aws-ssm-parameter-store-7f0e211bb91e

A dedicated agent with unrestricted system access cannot be held off, but these types of safeguards provide protection against some trojans or less privileged attackers, or against us accidentally sharing out files containing secrets we shouldn't have...

[cjdsellers]

There isn't currently anything on the roadmap relating to this. However, I think its a great suggestion - if you wanted to open an issue which proposes how we could implement something like the above then we could discuss further there and work towards a PR?

[cjdsellers]

@BlackWingedKing @Troubladore Did you have any technology suggestions I could review before opening up an issue on this? Also, if you wanted to take the lead on opening the issue and lay out your suggestions then please feel free to do so!