Are there any best practices for storing API keys?
Users can create organizations, and I’d like to let them attach their organization’s facebook/linkedin/twitter pages. Is there anything in particular to watch out for? Or should I just store the keys on the organization document under a services field?