How should the transaction key be stored when implementing SIM in PHP on a LAMP server?
The code samples/SDK for the PHP solution has a placeholder for the transaction key right on the sim.php page, which I don't think is the most secure way to store the transaction key.
Should I keep the transaction key in my mysql database and if so, what's the right way to have it encrypted while stored in the database and then in plain text in a variable when used in the PHP code? I'm asking for the 'right way' because if this 'the'/'a' good way to store the transaction key, then there should be a recommended way to do it as I know I'm not smart enough to invent my own encryption scheme.
Perhaps I should store it in an encrypted file. If so, I again ask, what's the right way to manage the file so I can rely on trusted cryptographic methods?
Are there other options I'm not thinking of, or am I missing the point all together? I don't see anybody else asking this question so maybe I am missing something.
Thanks in advance!
