Hello,
Is it possible to prevent the application key being displayed from the devices under Keys (OTAA) on the application server console? It would be good if this could be disabled for security reasons.
If this is not possible, I would like to make a change request.
Isn’t the key by default hidden, unless you click the “eye” icon to display it?
Hi brocaar,
Thanks for your reply. Yes, it is, but as you mentioned it can be viewed with a click. For many devices the key is predefined and can’t be changed. To increase security it would be good if the “eye” view could be disabled, especially when people gain unauthorized access to the console.
Could you share how you would like to see this? In some other use-cases it can be very useful to view this key so I’m not sure if it makes sense to completely remove this.
especially when people gain unauthorized access to the console.
Removing the eye icon would not be an actual solution for this. The key is still exposed through the API (used by the UI to load all data). Right click on the input field and opening the inspector would still show the key. One could also create an API key and programmatically fetch all keys.
The real solution would be preventing unauthorized access.
Hi brocaar,
Thanks for the information regarding the API. I am trying to secure the server as best as possible for use in the cloud. It would be great if there was some kind of security best practice.