Increasingly, reusable functionality is being provided by companies as application programming interfaces (APIs) that can be invoked by multiple applications. Most APIs impose some form of access control, such as requiring an account name and/or password to connect, registering for and/or using a developer (or access) key to connect, etc. As such, developers using an API need to include such credentials in the developed code, and share the code over a source code management system. However, potentially many individuals have access to the code management system, and, therefore, unauthorized individuals may obtain access to the access key and/or other credentials.
Existing access control approaches, however, manual exercises that are labor-intensive. Accordingly, a need exists for techniques for automatically preserving privacy of security information such as API keys and user credentials.