API keys and secrets are sensitive pieces of information that allow access to your exchange account, albeit with limited permissions. Therefore, it’s crucial to store them securely. Here are some recommendations on where and how to save your API key and secret:
Secure Digital Storage: You can save your API keys in a secure digital note-taking app that has strong encryption, such as LastPass or 1Password. These tools also offer password-protected notes where you can store sensitive information.
Offline Storage: Another option is to store your API keys offline. You can write them down on a piece of paper and store it in a secure location. Remember, this paper should be kept safe from both physical damage and unauthorized access.
Encrypted Files: You could also store the keys in an encrypted file on your computer. There are several tools available that can encrypt files, such as VeraCrypt.
Hardware Security Modules (HSMs): These are physical devices that safeguard and manage digital keys and can provide cryptoprocessing. These are usually used in enterprise settings.
Remember, do not share your API keys and secrets with anyone you do not trust completely. Even with limited permissions, they could still potentially cause harm if they fell into the wrong hands.
Always use strong, unique passwords for your accounts and enable two-factor authentication whenever possible.