Storing webhook secret keys

Because of the sensitive nature of webhook secret keys, you need to store them safely and securely. If an attacker were to obtain your secret keys, they could spoof requests to your webhook listeners.

We recommend that you use one of the following methods of securing your webhook secret keys:

We strongly recommend NOT using any of the following methods:

  • Slack channels
  • Unecrypted text files in cloud storages such as Google Drive
  • Code repositories