https://netsuiteprofessionals.com logo
Join Slack
Powered by
Hey! I’m working with secret management in NetSuit...
# suitescript
e
Hey! I’m working with secret management in NetSuite and initially assumed that the 
custsecret
object would allow secrets to have different values per NetSuite account where my SuiteApp is installed. However, after deploying my SuiteApp to another account, I noticed that I can’t modify the secrets individually for each account. Are the secrets defined in the originating NetSuite account globally applied to all instances where my SuiteApp is installed? If so, that would mean secrets are not account-specific, which is a problem if I need unique values per NetSuite environment. What would be the best approach to manage secrets on a per-account basis in this case?
a
complete speculation on my part but this sounds like a job for an SDF Installation script? https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_1544719586.html#subsect_156502661150
create the secret IN the account
e
The secret would be inputted by the NetSuite user, so the installation script is not an option unfortunately.
a
... oh the way you said it, I thought the suiteapp was creating the custsecret
I think you just have the users create the cust secret then and then have them give you the script id reference in some kind of config/setup page
and then all your code can't reference the secret directly cos you have to look it up cos it can be different per account
just reading more about this... apparently they ARE editable? I was assuming they were create and readonly after that
e
Ah, sorry. Should have been more clear. The reason I mentioned the SuiteApp creating the 
custsecret
object is because I followed this guide: https://blogs.oracle.com/developers/post/managing-suiteapp-api-secrets and when doing it like the guide states the secrets are created in the environment. But they are globally defined and you can't change them on a per account basis.
a
yeah it sounds like you don't want that though? these secrets arent your app secrets? they're the client's secrets? that they need to share with you
I think you need to be using the info under the "Storing Customer Credentials for External System Connections in NetSuite" section of that blog post for your use case
e
^ This is how I store external credentials. Encrypted field on a Custom Record.
a
TIL there's oracle/NS blogs for devs
e
They do exist
😂 1
e
@erictgrubaugh what field type do you use for the field in your custom record? And how do you use it in a later stage from your script? The reason I'm asking, the blog post is referring to a suitelet where the secrets are provided in. In my world it would be great if this could be handled directly via the custom record.
e
It has been some time since I've done this, so things might have changed, or my memory may be fuzzy. IIRC, you don't need anything special on the scripting side; you work with it like any other field, so long as the role that the Script is using has appropriate access to the field. I use whichever text field type is long enough to hold the value I need, usually Free Text is sufficient. You can see the encryptable field types here
Another alternative - albeit a potentially weak one - is to not encrypt the field at all, but make sure all the permissions on the record and field definitions are locked down appropriately.
a
Eric! That's the kind of half-assed cowboy coding that I recommend, this is beneath you! My disappointment is immeasurable and my day is ruined.
🤣 1
e
You're welcome!
😂 1
🦸 1
e
Managed to do this now. One last question about it though, one has to set 
options.restrictToScriptIds
when using 
Form.addCredentialField(options)
. This is of course fine initially, but what happens if I'm adding new scripts that want to utilise the credentials my user has inputted? Does that mean they would have to re-enter the credentials again? This seems a bit odd compared to the API Secrets functionality where one can allow a whole SuiteApp by id, e.g. 
com.mycompany.myapp
.
36 Views
Open in Slack
PreviousNext
Powered by