The Wasabi AiR API uses Wasabi keys to access the content to be analyzed and the destination locations, as well as for API access.
The following outlines key considerations and best practices for securing a Wasabi AiR API integration.
Authentication and Authorization
API Keys: Use unique Wasabi API keys for different services and users, and implement mechanisms to manage and rotate them regularly.
Role-Based Access Control (RBAC): Define roles and associated permissions to control access to specific API resources and functionalities.
Least Privilege Principle: Adhere to the principle of least privilege by granting users and applications only the minimum permissions necessary to perform their tasks. For AiR, using key policies to grant access to only the necessary buckets helps reduce the risk of content exposure if a key is compromised.
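One way to check a key policy against the least-privilege guidance above before attaching it to an AiR key. This is an added example, not code from Wasabi's documentation; it assumes the policy is an IAM-style JSON document using `arn:aws:s3:::` bucket ARNs, and the bucket names and sample policy are constructed.

```python
import json

# Constructed sample; assumes an IAM-style JSON policy. Bucket names are hypothetical.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::air-source", "arn:aws:s3:::air-source/*"]},
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::air-results/*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::finance-archive/*"}
  ]}""")

ARN_PREFIX = "arn:aws:s3:::"

def as_list(value):
    """Policy fields may hold one value or a list of them."""
    return value if isinstance(value, list) else ([] if value is None else [value])

def bucket_of(resource):
    """Bucket name from an S3 ARN, or None when the resource is not an S3 ARN."""
    if not resource.startswith(ARN_PREFIX):
        return None
    return resource[len(ARN_PREFIX):].split("/", 1)[0]

def audit_policy(policy, allowed_buckets):
    """Return (statement index, problem) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "Allow with NotAction/NotResource grants everything else"))
        for action in as_list(stmt.get("Action")):
            if "*" in action:
                findings.append((i, f"wildcard action: {action}"))
        for res in as_list(stmt.get("Resource")):
            bucket = bucket_of(res)
            if not bucket or "*" in bucket or "?" in bucket:
                findings.append((i, f"resource not scoped to a named bucket: {res}"))
            elif bucket not in allowed_buckets:
                findings.append((i, f"bucket outside allowed set: {bucket}"))
    return findings

if __name__ == "__main__":
    for idx, problem in audit_policy(SAMPLE_POLICY, {"air-source", "air-results"}):
        print(f"Statement[{idx}]: {problem}")
```

An empty result means every Allow statement names explicit actions and stays within the buckets the integration is meant to touch.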
Data Protection
Encryption: Encrypt data both at rest and in transit using industry-standard protocols such as TLS 1.3 to prevent eavesdropping and data breaches.
Secure key management: Implement strong key management practices, including storing keys separately from encrypted data, restricting access to authorized personnel, and regularly rotating encryption keys.
For questions about setting up Wasabi Access/Secret keys, refer to the documentation available at Wasabi Academy.
By following these best practices, you can significantly enhance the security of your Wasabi AiR API integration and protect your digital assets from potential threats.