Salesforce Sharing and Visibility Certification Practice Exam

Which three options should be recommended to secure credentials when integrating a managed package with external systems?

• A. Store the credentials in protected custom metadata used in the Apex Callout.
• B. Store the credentials in Named Credentials used in the Apex Callout.
• C. Store the credentials in a custom object using encrypted fields.
• D. Store the credentials in protected custom settings used in the Apex Callout.

The correct answer is: Store the credentials in protected custom metadata used in the Apex Callout.

The best approach to secure credentials when integrating a managed package with external systems is to use Named Credentials in conjunction with the Apex Callout. Named Credentials provide a secure way to store and manage access to external systems within Salesforce. By utilizing Named Credentials, you can store the endpoint URL, authentication settings, and other configurations securely without exposing sensitive information in the code. This reduces the risk of accidental exposure and enhances security. Storing credentials in protected custom metadata can also provide a level of security, but Named Credentials are specifically designed for managing authentication credentials and making callouts to external services more easily. Using them simplifies the integration process and offers built-in features such as automatic management of OAuth tokens and seamless handling of authentication details. Using custom objects with encrypted fields, while it provides some level of security, is not as straightforward and can introduce additional complexity in managing and accessing those credentials. Overall, leveraging Named Credentials aligns with Salesforce's best practices for security and integration management, making them the most appropriate choice for storing credentials securely during integrations with external systems.