How to keep API secret securely in Frappe?

I am developing a Frappe application, I am using a token to call API requests, I have currently hard-coded the API token in the code, This is probably a bad practice, What is the best practice to keep the API token in Frappe securely ?

Thanks in advance


If you have other settings that you’d like to manage for this API together with the API secret, I’d recommend that you create a single settings doctype. Within this, you can create a password field to store your API Secret. For example:

You can then access the password field using doc.get_password, like so:

Another option is to store it in the site_config.json and access it using frappe.conf.site_config_key.