This topic was automatically generated from Slack. You can find the original thread here.
Todd Sharp : hey all - apologies if this has (likely) been asked before… is there a mechanism to store sensitive credentials? say I want to call an unsupported third-party API - how would I safely store my creds?
Todd Sharp : Seems the docs say to use ENV vars - but is that safe/encrypted?
Dylan Sather (Pipedream) : Yes, it’s recommended to use env vars. Those are are encrypted within our database, and that database is encrypted at rest. This section of our security docs is also true for env vars: https://pipedream.com/docs/security/#third-party-oauth-grants-and-api-keys
Dylan Sather (Pipedream) : What API are you trying to connect to? We can also add that as an integration, if you’d like
Todd Sharp : well, how are API keys stored for integrations? i think the question in general is valid - are API credentials secure in your system? 
Dylan Sather (Pipedream) : Did the security doc I shared above not clarify that?
Dylan Sather (Pipedream) : Happy to answer more specific questions (and update the doc accordingly)
Todd Sharp : oops - did not see the link - my bad
Dylan Sather (Pipedream) : No worries!
Todd Sharp : > When you link credentials to a specific source or workflow, the credentials are loaded into that program’s execution environment, which runs in its own virtual machine, with access to RAM and disk isolated from other users’ code.
this is the important part - good to know