I’d love to have a conversation about best practices for storing, and using, 3rd party passwords in a Yii application.
There are still a lot of SaaS providers that use user-specific username/password authentication to access their API.
Where do we store this username/password inside Yii applications? Do we store them in plaintext?
This seems like a security risk but I’m unclear of any other solution. I’d much prefer handing off the storage of those passwords to a hardened provider of some sort, but, even then, wouldn’t I need to fetch that information and store it locally in plaintext (even if just in memory) to use it every time authentication against the 3rd party API was needed?