If you can reverse the hash you’re doing it wrong. A hashed password should be of no use to anyone, that’s the whole point. The application should only ever compare the hashed values of a password. This is basic application security.
I’m interested to understand how we can use secrets manager for password storage. Do you have any documentation on this?
Ah ok, so you don’t support secrets manager per se, you’re suggesting we build our own auth system using it?
This seems to me quite a fundamental security issue. Do you have a roadmap which includes resolving things like this?
The concern is that user’s passwords are stored in plain text.
Quick question, are you running the trains-server over http or https ?
We’d be using https in production
this would not solve the issue of server admins knowing everybody’s passwords would it?