Plaid provides one secret
for each of our three environments; Sandbox, Development, and Production. Both Production and Development secrets are provided once you request and receive access.
In the case that a secret
has been compromised, you are able to rotate any of your secrets in the Keys section of your Dashboard.
Steps to rotate a secret
- Start the rotation: Click on the “Rotate secret” icon that is on the right-most side of the secret field. A new secret will be created and both the new and old secrets will remain active until you delete one of them
- Integrate with your new secret: Copy your new secret and swap it out in your integration
- Delete the old secret: Once you have tested the new secret, you can now delete your old secret by clicking the “Delete” icon that is on the right-most side of the secret field
Note: You are also able to delete the new secret
key if you want to cancel the secret
key rotation.
API secrets permissions
Permissions for API secrets are also on a per-environment basis. You are able to edit them for each teammate by visiting the Members menu of your Dashboard and clicking the “Edit” button next to a teammate. Teammates without any API secrets access will not be able to view the API keys for their team.