SFTP Repository password visible (Windows+openssh)

Hi,
I’m testing Kopia and found that if I set up an SFTP repository (with username & password access), the credentials are fully accessible (not encrypted) in the file:
C:\Users\myUsername\AppData\Roaming\kopia\repository.config

Thank You
Alessandro

If you don’t use ssh pubkeys or other cert based authentication, then kopia must store the credentials in a usable form, so encoding it would mean it would have to stash that secret somewhere for “anyone” to read. Then you could encode that secret but the 2nd secret would need to be stored somewhere kopia can get to, so in the end you either have a readable file, or a “jump from x to y to z and then you get user+pw anyhow” where the x,y,z steps would be available for anyone else that knows how to use kopia or at least read the kopia sources.

My recommendation would be to use ssh keys and/or certificates to secure your sftp, even for non-kopia uses.
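An added example, not part of the original posts and not Kopia's own code: a small check that reports whether a `repository.config` holds SFTP secrets in the clear and prints a redacted copy that is safe to paste into a forum post. The JSON layout and the key names (`storage`, `config`, `password`, `keyfile`, `keyData`) are assumptions about the file format, and the sample configs are constructed.

```python
import json
import sys

# Assumed names of secret-bearing keys in the SFTP storage section.
SENSITIVE_KEYS = ("password", "keyData")

# Constructed samples; hosts, users and secrets are made up.
SAMPLE_PASSWORD = json.dumps({"storage": {"type": "sftp", "config": {
    "host": "backup.example.net", "port": 22, "path": "/srv/kopia",
    "username": "alice", "password": "hunter2"}}})
SAMPLE_KEYFILE = json.dumps({"storage": {"type": "sftp", "config": {
    "host": "backup.example.net", "port": 22, "path": "/srv/kopia",
    "username": "alice", "keyfile": "C:\\Users\\alice\\.ssh\\id_ed25519",
    "knownHostsFile": "C:\\Users\\alice\\.ssh\\known_hosts"}}})


def _sftp_section(doc):
    """Return the SFTP options dict, or None if the repository is not SFTP."""
    storage = doc.get("storage") or {}
    if storage.get("type") != "sftp":
        return None
    return storage.get("config") or {}


def audit_sftp_config(text):
    """List findings for one config document without echoing any secret."""
    cfg = _sftp_section(json.loads(text))
    if cfg is None:
        return []
    findings = [f"{k}-stored-in-cleartext" for k in SENSITIVE_KEYS if cfg.get(k)]
    if not cfg.get("keyfile") and not cfg.get("keyData"):
        findings.append("no-key-authentication")
    return findings


def redact(text):
    """Return the config as JSON with secret values replaced."""
    doc = json.loads(text)
    cfg = _sftp_section(doc)
    for key in SENSITIVE_KEYS:
        if cfg and cfg.get(key):
            cfg[key] = "<redacted>"
    return json.dumps(doc, indent=2)


if __name__ == "__main__":
    # Pass the path to repository.config, or run without arguments for the sample.
    raw = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PASSWORD
    print(audit_sftp_config(raw))
    print(redact(raw))
```

A config that points at a key file yields no findings here because the secret then lives in the key file, which is protected by its own file permissions and, optionally, a passphrase.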

Hi IcePic,
thank you for your fast response.
And I apologize, because I saw later that others had opened a similar topic.

Thank You.

I need to make an FAQ out of it or something. :wink:
[Image: protecting a secret with another secret comic]

I’d say: “That is true” :slightly_smiling_face: