# Where should I save my API key and secret

API keys and secrets are sensitive pieces of information that allow access to your exchange account, albeit with limited permissions. Therefore, it's crucial to store them securely. Here are some recommendations on where and how to save your API key and secret:

***

## 1. 🗂️ **Secure Digital Storage**

You can save your API keys in a secure digital note-taking app that has strong encryption, such as **LastPass** or **1Password**. These tools also offer **password-protected notes** where you can store sensitive information.

## 2. 📄 **Offline Storage**

Another option is to store your API keys offline. You can **write them down** on a piece of paper and store it in a secure location. Remember, this paper should be kept safe from both physical damage and unauthorized access.

## 3. 🔐 **Encrypted Files**

You could also store the keys in an **encrypted file** on your computer. There are several tools available that can encrypt files, such as **VeraCrypt**.

## 4. 💾 **Hardware Security Modules (HSMs)**

These are physical devices that safeguard and manage digital keys and can provide cryptoprocessing. These are usually used in **enterprise settings**.

***

**Important:** Remember, **do not** share your API keys and secrets with anyone you do not trust completely. Even with limited permissions, they could still potentially cause harm if they fell into the wrong hands.

Always use strong, unique passwords for your accounts and **enable two-factor authentication** whenever possible.