I’m interested to understand how we can use secrets manager for password storage. Do you have any documentation on this?
The concern is that users’ passwords are stored in plain text.
This would not solve the issue of server admins knowing everybody’s passwords, would it?
Quick question, are you running the trains-server over http or https?
We’d be using https in production
Ah ok, so you don’t support secrets manager per se, you’re suggesting we build our own auth system using it?
If you can reverse the hash you’re doing it wrong. A hashed password should be of no use to anyone, that’s the whole point. The application should only ever compare the hashed values of a password. This is basic application security.
This seems to me quite a fundamental security issue. Do you have a roadmap which includes resolving things like this?