Important: best practices
Important: please read carefully
Given the sensitive nature of API credentials, adhering to strict best practices is crucial to preventing unauthorized access to your assets.
Below are the best practices for securely using and storing your API credentials with Palisade:
- Rotate credentials regularly: Regularly delete and recreate API credentials to limit the damage a compromised `clientSecret` can do.
- Limit credential permissions: Assign the least amount of privilege or permissions necessary to each set of credentials, in accordance with the principle of least privilege (PoLP).
- Implement IP whitelisting: Only allow requests from specified trusted IP addresses, rather than all IP addresses. This prevents access requests from unknown sources.
Principle of least privilege
The principle of least privilege (PoLP) refers to creating API credentials with as little privilege, or scope, as possible. This practice limits permissions to only those necessary to complete the task at hand.
When credentials are limited to specific scopes, even if they are compromised, the damage an attacker can inflict is constrained to the permissions assigned to those credentials. Therefore, the PoLP minimizes the exposure of sensitive operations and data to potential threats.
Furthermore, utilizing multiple sets of credentials for differing operation types, rather than relying on a single, highly privileged set of credentials, serves to compartmentalize access and functionalities.
This compartmentalization is crucial as it:
- Facilitates auditability: Having designated credentials for specific operation types makes it easier to trace and log actions.
- Enhances operational security: Multiple credentials allow organizations to tailor access and permissions to the varied needs and risks associated with different operation types.
In conclusion, applying the principle of least privilege through minimally scoped credentials, together with using separate credential sets for different operations, is a vital strategy for enhancing security, managing risk, and maintaining the integrity of the system.
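The three practices above (rotation, least privilege, IP whitelisting) and the compartmentalization argument can be checked mechanically against a credential inventory. The following audit script is an added example and is not Palisade's own code or API: the scope names, the `Credential` fields, the 90-day rotation interval, and the sample credentials are all constructed assumptions for illustration. It flags a credential that carries scopes beyond what its operation type needs, one that has outlived the rotation interval, and one whose IP allowlist is empty or matches every address.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network

# Hypothetical scope names and the minimal set each operation type needs.
# These are assumptions for the example, not Palisade's real scope names.
LEAST_PRIVILEGE_SCOPES = {
    "read-only": {"read:balances", "read:transactions"},
    "payments": {"read:balances", "write:transfers"},
    "admin": {"read:balances", "read:transactions",
              "write:transfers", "manage:credentials"},
}

# Assumed rotation interval; the page says "regularly" without a number.
MAX_CREDENTIAL_AGE = timedelta(days=90)


@dataclass
class Credential:
    client_id: str
    operation_type: str        # which row of LEAST_PRIVILEGE_SCOPES applies
    scopes: set                # scopes actually granted to the credential
    created_at: datetime       # when the clientSecret was last (re)created
    allowed_ips: list = field(default_factory=list)  # CIDR strings


def audit_credential(cred, now=None):
    """Return a list of findings; an empty list means the credential follows
    the best practices on this page."""
    now = now or datetime.now(timezone.utc)
    findings = []

    # Least privilege: every granted scope must be one the operation type needs.
    needed = LEAST_PRIVILEGE_SCOPES.get(cred.operation_type)
    if needed is None:
        findings.append(f"unknown operation type {cred.operation_type!r}")
    else:
        extra = cred.scopes - needed
        if extra:
            findings.append(f"over-privileged: unnecessary scopes {sorted(extra)}")

    # Rotation: a credential older than the interval should be deleted and recreated.
    age = now - cred.created_at
    if age > MAX_CREDENTIAL_AGE:
        findings.append(f"stale: created {age.days} days ago, rotate it")

    # IP whitelisting: an empty allowlist or a /0 entry accepts any source address.
    if not cred.allowed_ips:
        findings.append("no IP allowlist: accepts requests from any address")
    else:
        for cidr in cred.allowed_ips:
            if ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"IP allowlist entry {cidr} matches every address")

    return findings


def audit_all(creds, now=None):
    """Audit an inventory and map each client_id to its findings."""
    return {c.client_id: audit_credential(c, now) for c in creds}


# Constructed sample inventory with a fixed reference time so results are stable.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_CREDENTIALS = [
    Credential("reporting-bot", "read-only",
               {"read:balances", "read:transactions"},
               NOW - timedelta(days=30), ["203.0.113.10/32"]),
    Credential("legacy-integration", "payments",
               {"read:balances", "write:transfers", "manage:credentials"},
               NOW - timedelta(days=200), []),
    Credential("ops-script", "admin",
               set(LEAST_PRIVILEGE_SCOPES["admin"]),
               NOW - timedelta(days=10), ["0.0.0.0/0"]),
]

if __name__ == "__main__":
    for client_id, findings in audit_all(SAMPLE_CREDENTIALS, NOW).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{client_id}: {status}")
```

Running it reports `reporting-bot` as clean, three findings for `legacy-integration` (extra `manage:credentials` scope, 200-day age, no allowlist), and one for `ops-script` (an allowlist of `0.0.0.0/0` is no allowlist at all). The split into separate credentials per operation type is what makes the least-privilege check expressible: a single credential used for everything would have to carry the union of all scopes and could never pass it.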