Hi all,
I need to connect to an external web service from an async custom workflow activity in CRM (on-prem), and I know there are a lot of different options for me on how to secure the web service configuration (URL, API key, etc.). I would like to avoid hard-coding an encryption key in my custom code, so I am left with some options that all seem "unpleasant" in some way or other. I would very much like your recommendations or pros/cons on the different approaches.
Options as I see them in no particular order:
A. Change the asyncservice's config file, adding an encryption key. This option is possibly unsupported and may cause issues when updating/upgrading, but I have not been able to find out for sure if this is supported or not.
B. Hard-code the encryption key into my custom activity code. Uhm... I'd rather not :)
C. Field-level security for a configuration entity in CRM.
D. Encryption key on machine level, outside of app.config and web.config, or environment settings in some way.
E. Plugin with secure configuration that in some Rube Goldberg-esque fashion delivers non-encrypted data to the workflow activity on Retrieve if certain conditions are met, like user, team or security role.
F. External web service on localhost with its own configuration to proxy away this complexity.
I know I can probably do all of these and make them work, but I want to hear how you have solved it in the past and if you were happy with the solution after some time had passed.