O'Reilly logo
  • Satish Santhanam thinks this is interesting:

The ideal system is a web service that takes a plain-text string and spits out the HMAC hash without ever exposing the key to your application code

From

Cover of Iron-Clad Java

Note

And store the key in HSM