why you need to change during run time, API key should be same you just update in the first deployment and when needed in the site property. we have used keys in etitied and it is working fine. make sure you are calling the api after geting the key. it could by async call happening. check your logic

Hi S P,

It is true that we don't recommend updating Site properties at runtime. The reason is that whenever a site property is updated, the module cache and its consumers will be invalidated and reloaded again.

However, in the demo, you will notice that the Site property is only set once when the private key has not yet been initialized. This has the same impact as going to Service Center and manually updating the Site property.
Doing it once in a while is not harmful, however, doing it over and over again can lead to performance issues as per the article above.

As for alternatives, you can store the key on the database or even retrieve the key from a third-party key store management service, e.g: AmazonKMS.

If you are storing the value on the database, you should follow the same logic as in the Site Property example.

1. Check if you already have a key generated on the database
2. If you have the key on the database, use the ReadKey and return its value to the application to encrypt/decrypt data, if you don't have the key on the database go to step 3.
3. Generate a new key
4. Store key on the database using the result of the SaveKey action
5. Return key to the application to encrypt/decrypt data

If you notice, we only generate a key if you haven't generated the key yet.

Please refer to the envelope encryption diagrams on our documentation:
https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/Data_Encryption_at_Rest#How_to_fully_encrypt_your_sensitive_data