Join our discord community

Join now
Please or Register to create posts and topics.

secure shotgun login information

maelfr@maelfr
22 Posts
#1 · 6. April 2021, 22:34

hello,

I noticed that shotgun passwords and api keys are stored without encryption and can be easily read/copied with a simple text editor from the .yml files.

Would it be possible to implement a way to store them more securely ?

thanks !

RichardF@richardf
1,079 Posts
#2 · 3. May 2021, 17:50

Hey @maelfr

we could store an encrypted version of the password and api keys in the config file.

But since Prism is open source everyone could check the code how the data gets encrypted and decrypted. It would be a bit more effort to get the passwords, but if someone really wants to get it, he would get it.

Let me know if that would still help you or if you have a more secure way.

Cheers,

Richard

maelfr@maelfr
22 Posts
Topic Author
#3 · 31. May 2021, 10:33

hello Richard,

I think that this extra step would at least be a bit more secure than having the current password visible clearly. I do not have the technical know how to think about a more secure way but implementing this would be great 🙂

cheers,