Storing and using secrets is one of the most sensitive actions a developer takes to protect shopper information. Secrets include, but are not limited to, the following items.
You can help prevent data exposure in a number of ways. First, make sure that sensitive data in forms isn’t logged or otherwise stored unless it’s absolutely necessary. Data that isn’t retained can’t be stolen. If you must store sensitive data, discard it as soon as possible and make sure that it’s encrypted. For credit card data, make sure that you use PCI DSS compliant tokenization or truncation.
You can use the following APIs to store secrets securely on Salesforce B2C Commerce.
For each web service, the framework requires a service configuration, service profile configuration, and service credential configuration. You can create and manage these configurations in Business Manager.
Service credentials are accessible in the B2C Commerce API as the dw.svc.ServiceCredential object. They are read-only and should never be returned to a storefront request or written into any logs.
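As an added illustration (not code from the Salesforce documentation or from any cartridge), the server-side script below reads a service credential inside a LocalServiceRegistry callback, uses it only to build the outgoing request, and routes every log hook through a redaction filter so the password and Authorization value never reach the service log. The service ID 'payment.gateway', the sample log line and the Node.js fallback for Base64 are assumptions made for the example.

```javascript
'use strict';

// Mask credential material before it reaches the service log: Basic/Bearer
// values in Authorization headers and password/secret-like JSON fields.
function redactSecrets(message) {
    return String(message)
        .replace(/(authorization:\s*(?:basic|bearer)\s+)\S+/gi, '$1[REDACTED]')
        .replace(/("(?:password|secret|apiKey|token)"\s*:\s*")[^"]*(")/gi, '$1[REDACTED]$2');
}

// Base64 for the Basic scheme. On the platform this is dw.util.StringUtils.encodeBase64;
// the Buffer branch only exists so the example also runs under Node.js (assumption).
function base64(str) {
    if (typeof Buffer !== 'undefined') { return Buffer.from(str, 'utf8').toString('base64'); }
    return require('dw/util/StringUtils').encodeBase64(str);
}

// Derive the Authorization header from a dw.svc.ServiceCredential. The password is
// used here and nowhere else: not cached, not placed in session or response data.
function basicAuthHeader(credential) {
    return 'Basic ' + base64(credential.getUser() + ':' + credential.getPassword());
}

// Callbacks for dw.svc.LocalServiceRegistry.createService(serviceID, callbacks).
// Every string the framework may log passes through redactSecrets first.
var serviceCallbacks = {
    createRequest: function (svc, params) {
        // Read the credential from the service configuration, never from a request parameter.
        var credential = svc.getConfiguration().getCredential();
        svc.setRequestMethod('POST');
        svc.addHeader('Authorization', basicAuthHeader(credential));
        svc.addHeader('Content-Type', 'application/json');
        return JSON.stringify(params);
    },
    parseResponse: function (svc, client) { return JSON.parse(client.text); },
    getRequestLogMessage: function (request) { return redactSecrets(request); },
    getResponseLogMessage: function (response) { return redactSecrets(response.text); },
    filterLogMessage: function (msg) { return redactSecrets(msg); }
};
// On the platform ('payment.gateway' is an assumed service ID):
// require('dw/svc/LocalServiceRegistry').createService('payment.gateway', serviceCallbacks);

// Constructed sample of what a request log line would contain without redaction.
var sampleLogLine = 'POST /v1/charge Authorization: Basic YXBpLXVzZXI6cGFzcw== {"amount":10,"apiKey":"live-key-123"}';
```

The regex filter is deliberately broad: it is cheaper to over-redact a log line than to leak a credential into a log that many operators can read.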
Cryptographic keys and certificates are pivotal resources for encryption and decryption, authentication, signatures, and more. Manage these keys and certificates by using the dedicated Business Manager wizard. They are accessible in the script API using the CertificateRef and KeyRef classes.
You can extend the B2C Commerce object model by using custom objects. You can customize custom attributes, their respective fields, and properties of the custom object type.
Use type PASSWORD with any custom object attribute that handles secret information.