❗️

Important: Please read carefully

Given the critical nature of API credentials, adhering to stringent best practices is crucial to prevent unauthorized access and safeguard the integrity and confidentiality of interactions with the Palisade platform and your assets.

Below are the minimum recommended best practices for using and storing API credentials:

1. Use encryption

Store credentials in an encrypted format, using advanced encryption standards, to protect against unauthorized access and disclosure.

2. Leverage secure storage solutions

Utilize secure and dedicated credential storage solutions like hardware security modules (HSMs) or secure vaults to store sensitive information securely.

3. Rotate credentials regularly

Regularly rotate and update API credentials to mitigate the risk of compromise due to prolonged exposure.

4. Limit credential permissions

Assign the least amount of privilege necessary, limiting the scope of actions each set of credentials can perform to minimize potential damage from compromise. Learn more about the principle of least privilege (PoLP)

5. Implement IP whitelisting

Restrict access by allowing requests only from trusted IP addresses, preventing unauthorized access attempts from unknown sources.

6. Maintain strict access controls

Employ granular access control policies to regulate who has access to credentials and under what circumstances.

7. Enable logging and monitoring

Maintain detailed logs of access and usage patterns and monitor them regularly for any suspicious or unauthorized activities.

8. Keep credentials out of source code

Avoid embedding credentials directly in source code or configuration files, and never expose them in client-side code or public repositories.

8. Educate and train staff

Continually educate and train staff on the importance of credential security and best practices to ensure informed compliance.

Principle of least privilege

Creating credentials with the minimum scopes required, or the principle of least privilege (PoLP), is paramount in limiting the potential impact of unintentional misconfigurations or malicious compromises. This practice constrains user permissions to only those necessary to complete the task at hand, thereby reducing the attack surface and mitigating the risk of unauthorized access and operations.

When credentials are limited to specific scopes, even if they are compromised, the damage an attacker can inflict is constrained to the permissions assigned to those credentials. This increases the security posture of the system by minimizing the exposure of sensitive operations and data to potential threats.

Furthermore, utilizing multiple sets of credentials for differing operation types, rather than relying on a single, highly privileged set of credentials, serves to compartmentalize access and functionalities. This compartmentalization is crucial as it:

• Prevents Overreach: It ensures that a compromise of one set of credentials doesn’t grant blanket access or control over all operations and data, containing the potential impact.
• Facilitates Auditability: Having designated credentials for specific operation types enhances the traceability and auditability of actions, allowing for more granular monitoring and logging.
• Enhances Operational Security: Multiple credentials promote operational security by allowing organizations to tailor access and permissions based on specific needs and risks associated with different operation types.

In conclusion, applying the principle of least privilege through minimally scoped credentials and utilizing multiple credential sets for varied operations are vital strategies in enhancing security, managing risks, and maintaining the integrity and confidentiality of the system in a multi-operational environment.