klesh commented on issue #2800: URL: https://github.com/apache/incubator-devlake/issues/2800#issuecomment-1229871702
@tk103331 "Appears only once" is not very practical, because some validations happen in Frontend, and it is ok for webpage to display sensitive information, take 1password as an example, we can copy password from its webapp without problem as long as https is enabled, you may do the same for `config-ui` in case you have security concerns. But, I think there is a point in encrypting data in database, actually, we encrypt connection `tokens` and `password` in the database, but not the `plan` which contains the git repo secret string. I think we should encrypt the `pipeline.plan` and `buleprint.plan` and `blueprint.settings` in the database if sb gains access to the database without `config-ui`, is that what you suggested? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
