Teachable Credentials — Secure Storage & Encryption
Teachable Credentials — Secure Storage & Encryption
As of v1.0.79, Teachable admin credentials used for the course import process are protected end-to-end through encryption at rest, strict exclusion from logs, and transient-only decryption.
Overview
When you connect a Teachable school to the platform, you supply admin credentials so the import engine can authenticate against the Teachable API and extract course structures, lesson content, media, and attachments. These credentials are sensitive and are handled with the following security controls.
How Credentials Are Protected
1. AES-256 Encryption at Rest
Immediately upon receipt, credentials are encrypted using AES-256 before being written to storage. Plaintext credentials are never persisted to the database or any other durable store.
2. Never Logged or Exposed in API Responses
Credentials are explicitly excluded from:
- Application logs — no logging framework, structured log sink, or observability pipeline will ever receive the plaintext or ciphertext credential value.
- API responses — credential fields are stripped from all API response payloads, so they cannot be inadvertently returned to a client or intercepted in transit.
3. Transient Decryption in the Worker Context
Decryption occurs only inside the Inngest background worker at the moment the import job needs to authenticate with Teachable. The decrypted credential:
- Is held in memory only for the duration of the operation that requires it.
- Is never written back to storage in decrypted form.
- Is never passed outside the Inngest worker execution context.
Once the worker completes (or fails), the decrypted value is discarded.
Security Summary
| Control | Detail |
|---|---|
| Encryption algorithm | AES-256 |
| Encrypted at rest | Yes — before any write to storage |
| Appears in logs | Never |
| Appears in API responses | Never |
| Decryption scope | Inngest worker context only |
| Decryption persistence | None — transient, in-memory only |
Related
- Teachable Import Overview — how to connect a Teachable school and run a course import.
- Changelog — v1.0.79 — full release notes for this change.