It's possible to view passwords from protected certificated

Question

It's possible to view passwords from protected certificated

guitcastro opened this issue 6 years ago · 5 comments

As showed in the screenshot above, if I click in the eye icon I am able to see the password of a protected certificated.

Answer 1 · 2018-09-07T08:14:23.000Z

Hi there!

As mentioned on Slack, this is intended. But it does raise a question about consistency regarding how secrets are protected, so thanks for bringing this to our attention!

Answer 2 · 2018-09-11T19:32:29.000Z

Understood (although I think make more sense to keep it private). I'm trying using generic file storage as a workaround, but I cannot use the Download URL from the generic file storage because it's not a secret (even if is protected).

Do you have another suggestion? I am out of options here, This project I am working on is very sensitive, I cannot expose sensitive information.

Answer 3 · 2018-09-12T10:10:59.000Z

I agree that you do have a point here. Well, there isn't anything I could recommend Viktor haven't already did on Slack 🙂How did editing the .yml directly go?

Answer 4 · 2018-09-12T15:14:32.000Z

Sorry, I forgot do give the feedback to you. It worked!
Thanks for the help.

Answer 5 · 2018-09-12T15:52:21.000Z

Awesome, great news! No worries, sure thing, ping us anytime! 😉