[stork-users] Hiding passwords in config files

[Tomek Mrugalski]

On 09.06.2021 15:32, Buclin, Bertrand wrote:
> Providing the live configuration of a service in Stork is a great
> feature. 
Thank you for looking at Stork and for your kind comment.

> Rather than “raw” actually, a more descriptive word would be
> “live”, in my opinion, but that’s a detail.
Point taken. We'll update this the next time we touch this code.

> The more serious issue is that the password fields such as the database
> password for the config-database, the lease-database, the
> hosts-database, or the RADIUS secrets,  should not display the passwords
> in clear, unless the user is a super-admin. And better, even if the user
> is a super-admin, the password should not be display by default in
> clear. You could put a small button next to the password, which allows
> to display the password when clicked.
That's a very reasonable request. We do have a mechanism to obscure
passwords when Kea logs its configuration, but sadly there is no way to
use that capability when retrieving the config using config-get (which
is what Stork is using). Anyway, these are technical details. The
conclusion here is that we need to hide the data somehow. We'll figure
it out.

Can I ask you to open a ticket for this here:
https://gitlab.isc.org/isc-projects/stork/-/issues?

Thanks!

Tomek Mrugalski
ISC