Safest way to store auth credentials?


Hi there :slight_smile:
Still figuring out the plugin workflow. I was wondering what is considered ‘best practice’ when it comes to storing credentials used by a plugin.

I’m building an API plugin that fetches data from another Kirby CMS, which uses the KQL plugin and thus requires basic auth.

I don’t want the credentials to be stolen, obviously :smile: I’m just not too familiar with what directories are generally considered ‘safe’. I would think the .env in the root would be pretty safe?

It doesn’t really matter where you store credentials as long as it isn’t in a publicly available folder (like assets). Ideally, you would, of course, store anything that should not be accessible “above the web root”, but this is usually not possible on shared hosting.

Note that basic auth is intended for server-side authentication, not for client-side.
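
The "above the web root" case from the reply, as an added example that is not part of the original thread or of any Kirby plugin: a loader that refuses a credentials file located under the document root or readable by other users, then builds the basic auth header for the server-side request. The function names, the `KQL_USER` / `KQL_PASSWORD` keys and the file path are assumptions.

```php
<?php
// Added example: function names, env keys and paths are assumptions.

/**
 * Load basic-auth credentials from an env-style file, refusing the file if it
 * sits inside the web root or is readable by other users on the host.
 */
function loadKqlCredentials(string $envFile, string $webRoot): array
{
    $file = realpath($envFile);
    $root = realpath($webRoot);
    if ($file === false || $root === false) {
        throw new RuntimeException('Credentials file or web root not found');
    }

    // Reject files under the document root: a misconfigured server could serve them.
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($file, $rootPrefix, strlen($rootPrefix)) === 0) {
        throw new RuntimeException('Credentials file is inside the web root');
    }

    // On POSIX hosts, reject world-readable files (e.g. 0644); 0600 or 0640 pass.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($file) & 0004) !== 0) {
        throw new RuntimeException('Credentials file is world-readable');
    }

    // Parse KEY=value lines; INI_SCANNER_RAW keeps values as plain strings.
    $env = parse_ini_file($file, false, INI_SCANNER_RAW);
    if ($env === false || empty($env['KQL_USER']) || empty($env['KQL_PASSWORD'])) {
        throw new RuntimeException('KQL_USER or KQL_PASSWORD missing');
    }

    return [$env['KQL_USER'], $env['KQL_PASSWORD']];
}

/** Build the Authorization header for the server-side request to the remote site. */
function basicAuthHeader(string $user, string $password): string
{
    return 'Authorization: Basic ' . base64_encode($user . ':' . $password);
}

// Usage inside the plugin, server side only (the path is a placeholder):
// [$user, $pass] = loadKqlCredentials('/path/above/webroot/.env', $_SERVER['DOCUMENT_ROOT']);
// $header = basicAuthHeader($user, $pass);
```

On shared hosting where nothing above the web root is writable, the first check will fail by design; in that setup the file has to live in a folder the web server is configured not to serve.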