Just testing out Kopia and noticed my applicationkey for B2 is stored in plain text in the repository.config file, is this normal? Should this not at a minimum be hashed in some way?
We’re currently relying on filesystem permissions to protect the configuration file and credentials stored in it. This is similar to how S3 credentials are typically maintained in boto configuration which is user-readable.
In the future we may be able to do two things:
- encrypt
repository.configit with user password - not store credentials at all and instead rely on environment variables set elsewhere
Okay thanks, just wanted to make sure I didn’t miss an option that would have done something with this already.