Anonymous Monk has asked for the
wisdom of the Perl Monks concerning the following question:
I'm working on an application that stores a user's sensitive API key for another site. The key is stored encrypted in the database using the user password to generate an encryption key. The decrypted key is only needed for one specific function of my application. What is the best way to handle decrypting and using the API key? Currently I'm decrypting the key on login, when I have access to the password, and storing the key in the CGI::Session based session. However, that creates the problem that if someone were to get access to the database they would be able to view unencrypted keys stored in any sessions that hadn't yet been deleted.
Is there a better way to do this?