API Key Credentials ACL

Ezra Kim
Tera Contributor

I have a workflow activity that calls a script include that contains REST Message functions.

The script grabs the API key from the api_key_credentials table, which only works if I grant read access to all Authenticated Users.

Is granting read access to the api_key_credentials table a security issue? My worry is that if someone accessed SNOW with a roleless user, could they run a script that gets the API key and use it to send REST messages?

Also, would it be better if I migrated the script include to the REST Message table? I think the setup from the workflow activity would be similar, though wouldn't the get api key still need to be run by the user?
