Is there a mechanism for encrypting DB connection ...
# support-questions-legacyg
gopi3429
09/15/2022, 7:11 AMIs there a mechanism for encrypting DB connection string passwords in config.yaml?
r
rp_st
09/15/2022, 7:14 AMhey! not at the moment. But a question - how would that work anyway? Cause then you would need to provide the encryption key as well in the config - which would beat the point of encrypting it
g
gopi3429
09/15/2022, 7:18 AMGood question. Not sure but wondering if there's a way to NOT keep the password in clear text.
r
rp_st
09/15/2022, 7:19 AMNot at the moment. If you can think of or find a way which would actually make things secure, feel free to open a github issue about it and we can add it to our TODOs 🙂
g
gopi3429
09/15/2022, 7:23 AMPerhaps with a public/private key pair? The config file contains the password encrypted with the public key and the core module decrypts it with the private key.
r
rp_st
09/15/2022, 7:26 AMHow would the core know what the private key is?
g
gopi3429
09/15/2022, 7:27 AMThe admin puts the private key in the key store. I think that's the standard practice but I don't know the details.
gopi3429
09/15/2022, 7:28 AMJWT configs with asymmetric keys also follow the same mechanism.
r
rp_st
09/15/2022, 7:28 AMwhich key store?
rp_st
09/15/2022, 7:28 AMcause you don't have access to any db at this point
g
gopi3429
09/15/2022, 7:29 AMYou figure it out 🙂
r
rp_st
09/15/2022, 7:29 AMhehe.. well
rp_st
09/15/2022, 7:29 AMthe only storage the core talks to is the db
4 Views