Please excuse my lack of sugar-coat as I read all of this.
I see people on here suggesting a new datatype. You can't attach a datatype on a key that's already encrypted in the first place. That's like putting more patties on a burger until it's no longer able to be eaten. There comes a point where too much security on an object that's meant to be secure by design becomes worthless and/or a regression because it has been abstracted past what common sense dictates as feasible.
I also see people on here suggesting a new API. You don't need a new API to handle one task. That's too much work for something that can be attached to a pre-existing API that already exists. I'll explain more as you read through this post.
First and foremost before I begin my lengthy essay, I believe that this functionality is very much needed. Storing tokens on a game that can be exploited, leaked or both is a thought that should not be attempted nor thought about in the first place. It defeats the purpose of what authentication tokens/keys do and why they're meant to be stored in a secure place. Storing authentication data in a lua script (as a module, not a textfile… this is roblox so, for the sake of you and my sanity… I'll use roblox terminology) is not how people do it in the industry. Authentication tokens are almost always (unless you're naive and new to this field) stored in a secure database and fetched when needed. It is never stored freely within a game, a file on your desktop, etc.
For some odd reason, this has never been addressed and I feel like it only furthers the point that roblox wants you to use their tools over any third party. Rightfully so. I mean, who wouldn't want a full-all-in-one solution to all their game-making needs? What roblox doesn't realize is that their toolchain is subpar at best. You cannot force tools on developers (even more so seasoned ones) and expect them to love it. You cannot re-invent the wheel time and time again only to find failure and public outcry. Third-party tools allow us to complete tasks that the roblox platform can't do in a feasible manner and provide experience to industry-leading technologies that can be used outside of roblox. Blocking these technologies through subtle yet prevalent means to indirectly or directly push sub-par tools only leads to the regression of this platform and the mitigation to features where users can and will benefit from.
Any who, I don't know why I bothered to create a feasible solution to this since it'll either be ignored like better support for plugins or stolen and rebranded into something that doesn't help but, here we are. I have created the most roblox-istic mockup / prototype I personally thought would work. Excuse the somewhat ambiguous naming. I'm not getting paid and I did this to prove a point. Petty or not lol.
As you can see by the image, I've attached it to the Configure Game menu and named it Storage with its own little tab. The visualization is quite standard as most platforms that allow you to add keys use table-tags to display data. Personally, I thought that Identifier was a bit excessive but, +1 for ordered lists. The Edit button under the Actions tab allows you to edit Name or Key Data in case you generate a new token. Delete allows you to remove the key entirely from the game.
If you were in a game and you wanted to use the items you just created, I propose the following:
```lua
-- Can only be called in a server script, not a module or local script
local keys = game:GetStorage() -- Returns an array in { name = key data } ordered
print(keys["Foo"]) -- Prints out the key data value for the key named "Foo"
```
If you really want to create an entire service for one functionality because you feel that it's absolutely needed, I propose the following:
```lua
-- Can only be called in a server script, not a module or local script
local keys = game:GetService("TokenService"):Fetch() -- Returns an array in { name = key data } ordered
print(keys["Foo"]) -- Prints out the key data value for the key named "Foo"
```
Thanks for bringing this up and I hope it gets implemented so that we can finally see support for third-party and not forced to use tools that barely meet industry standards.
Edit: It's been added. Secrets Store General Availability