SettleSettleSettleSettle Dev Hub
Console →
Security & Compliance

How Keys Are Stored

App API Keys#

SHA-256 hashed before storage. We cannot retrieve the raw key — that's why it's only shown once. If you lose it, rotate it from the dashboard.

Bank Account Numbers#

Encrypted with AES-256-GCM. The encryption key is stored separately from the database. Even a full database compromise would not expose account numbers.

Developer Passwords#

Hashed with bcrypt (cost factor 12). Never stored in plaintext.

← PREVIOUSHow We Handle Your Data (NDPR)NEXT →Subscriptions