ZenHub API Key Security: How to Store Your Tokens Safely
Security is paramount when using third-party tools. Learn how ZenStat ensures your ZenHub API keys are protected.
When you use an analytics tool like ZenStat, you need to provide an API token to allow the app to fetch your workspace data. For many engineering teams, this raises an immediate question: "How safe is my data?"
At ZenStat, we take a "Security First" approach to your credentials. Here is how we handle your API keys and what you can do to ensure your tokens stay safe.
How ZenStat Protects Your Key
We don't just "save" your key to a database. We use industry-standard encryption protocols to ensure that even if our database were compromised, your tokens would remain unreadable.
- AES-256-GCM Encryption: Every API key is encrypted using AES-256-GCM. This is the same grade of encryption used by banks and government agencies.
- Unique Initialization Vectors (IV): Every entry is encrypted with its own unique IV, so the same key-and-IV combination is never used to encrypt twice.
- Decrypted on Demand: Your key is only decrypted at the exact moment a request is made to the ZenHub API. It is never stored in "plain text" in our logs or caches.
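The scheme in the list above (AES-256-GCM, a unique IV per entry, decryption only at the moment of use), sketched in Go as an added example; it is not ZenStat's code. The function names, the `recordID` bound as associated data, and the `iv||ciphertext||tag` storage layout are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds an AES-256-GCM AEAD and rejects any key that is not 32 bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("AES-256 needs a 32-byte key, got %d bytes", len(key))
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length checked above
	return cipher.NewGCM(block)
}

// sealToken returns iv||ciphertext||tag; recordID (assumed) is bound as associated data.
func sealToken(key []byte, recordID, token string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcm.NonceSize()) // fresh 12-byte IV for every encryption
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return gcm.Seal(iv, iv, []byte(token), []byte(recordID)), nil
}

// openToken decrypts on demand; a wrong key, wrong record or altered blob is an error.
func openToken(key []byte, recordID string, blob []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return "", fmt.Errorf("stored blob too short")
	}
	pt, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(recordID))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real one comes from a secret store
	rand.Read(key)
	blob, _ := sealToken(key, "workspace-42", "constructed-sample-token")
	fmt.Println(openToken(key, "workspace-42", blob))
}
```

Because the IV is random per call, sealing the same token twice yields two different blobs, and the GCM tag makes any change to the stored bytes or the record binding fail at decryption rather than return garbage.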
Best Practices for Your ZenHub Token
Even with our security measures, here are three things you should do:
- Use a Dedicated "Reporting" User: If possible, create a service account in GitHub/ZenHub with read-only access to your workspaces, and use that token for analytics.
- Regularly Rotate Keys: It is good security hygiene to rotate your API tokens every 90 days. ZenStat makes this easy: just go to your Settings Page and update your key.
- Delete When Not in Use: If you stop using ZenStat, use our "Delete Key" feature to completely wipe your credentials from our system.
Trust is Our Priority
We built ZenStat for developers, by developers. We know how sensitive your GitHub data is, and we treat it with the respect it deserves.