Storing Sensitive 3rd Party API keys/tokens

I’m in the process of writing an interface extension that requires authorised API access to the YouTube Data API, going through its OAuth2 flow. This means I need to store not only the client_secrets.json, but also the refresh tokens and additional data relevant to the auth process.

I haven’t found a good mechanism or place to store data like that. Previous versions of this extension in other CMS systems have involved just writing these values in text to disk, which isn’t the most secure but at least would need raw machine access to reveal.

My options that I can see after combing the docs are the following.

  1. Directly write JSON to disk, bypassing Directus entirely.
  2. Use the Directus Files Service, which would require manual configuration of the public policy for the directus_files collection using a custom rule to ensure that only admins have access to the files.
  3. Create a collection purely for storing this information, also requiring manual configuration to ensure it’s not published. (Is it possible to create the collection programmatically? Can I configure the public policy via the API?)

Also, before it’s suggested, I’m trying to avoid 3rd party secrets management services. They are all too expensive for this small project, and want to avoid Amazon because Amazon.

Which of these three options would be recommended? Are there better options out there?

Have you taken a look at this extension by @Attacler?

Hi @xenobytezero,

Welcome to the Directus community.
As Bryant said, I have made an extension that can encrypt/decrypt collection fields on the fly.
So you would need to create a collection (or reuse an existing one), add a JSON field and configure the extension and you should be good to go.

You can always shoot me a message if you need help!
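
What encrypting a token record before it is written to a collection's JSON field can look like, as an added example that is not part of the thread and is not the code of the extension mentioned above. It assumes Node's built-in `crypto` module, AES-256-GCM, and a 32-byte key supplied outside the database (for example an environment variable); `loadKey`, `sealField`, `openField` and the `oauth_tokens.payload` context string are hypothetical names.

```javascript
// Added example (hypothetical helper names): authenticated field-level
// encryption for an OAuth token record stored in a collection field.
const crypto = require("node:crypto");

// Assumption: the key arrives as 64 hex characters from outside the database,
// so a database dump alone does not reveal the tokens.
function loadKey(hex) {
  const key = Buffer.from(hex ?? "", "hex");
  if (key.length !== 32) throw new Error("key must be 32 bytes (64 hex chars)");
  return key;
}

// Encrypt a JSON-serialisable value. `context` (e.g. "collection.field") is
// bound as additional authenticated data, so a ciphertext copied into a
// different field fails to decrypt.
function sealField(key, context, value) {
  const iv = crypto.randomBytes(12); // fresh nonce for every write
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(context, "utf8"));
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(value), "utf8"),
    cipher.final(),
  ]);
  const tag = cipher.getAuthTag();
  // Versioned envelope: v1.<iv>.<tag>.<ciphertext>, each part base64.
  return ["v1", ...[iv, tag, ct].map((b) => b.toString("base64"))].join(".");
}

// Decrypt and verify. Throws on a wrong key, wrong context or modified data.
function openField(key, context, stored) {
  const [version, iv, tag, ct] = String(stored).split(".");
  if (version !== "v1" || !iv || !tag || !ct) throw new Error("unrecognised envelope");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(iv, "base64"));
  decipher.setAAD(Buffer.from(context, "utf8"));
  decipher.setAuthTag(Buffer.from(tag, "base64"));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(ct, "base64")),
    decipher.final(), // throws if the tag does not verify
  ]);
  return JSON.parse(pt.toString("utf8"));
}
```

The stored string is what would go into the collection field; permissions on the collection still need to be restricted, since encryption only protects the value at rest.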