(migration) Config: Security for passwords #13

Open
opened 2025-07-16 20:51:00 +02:00 by kir68k · 1 comment
kir68k commented 2025-07-16 20:51:00 +02:00 (Migrated from github.com)

The current implementation is storing both the account and e2ee key passwords as plaintext. I don't really like that...

I'll look at this after adding token caching (maybe later today).

kir68k commented 2025-11-20 10:02:57 +01:00 (Migrated from github.com)

The config rn only serves to skip prompts at the start, but room selection and verification still require input. Room selection could be added directly to the config, but verification will be only done once as a part of #16 with some sort of database or store for secrets. I think the password here could be removed and passed from that store, or be a path to where the password is.

For Linux desktops I know Secret Service exists, so a crate like [oo7](https://crates.io/crates/oo7) could help, but I have to think about servers and Windows as well.

kir68k changed title from Config: Security for passwords to (migration) Config: Security for passwords 2026-04-26 00:41:36 +02:00
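
A sketch of the "path to where the password is" option from the last comment, added here as an example and not taken from the thread or the project's code. `PasswordSource`, `load_password` and `resolve` are hypothetical names, and the permission check assumes a Unix host, so it does not cover the Windows case the comment raises.

```rust
use std::fs::File;
use std::io::{self, ErrorKind, Read};
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Hypothetical config value: records where the password lives, never the password.
pub enum PasswordSource {
    File(PathBuf),
    Prompt,
}

/// Read a secret from `path`, refusing files that group or others can access.
pub fn load_password(path: &Path) -> io::Result<String> {
    let mut file = File::open(path)?;
    // Inspect the open handle so the metadata describes the file we actually read.
    let meta = file.metadata()?;
    if !meta.is_file() {
        return Err(io::Error::new(ErrorKind::InvalidInput, "not a regular file"));
    }
    let mode = meta.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        let msg = format!("{} has mode {:o}, expected 600 or stricter", path.display(), mode);
        return Err(io::Error::new(ErrorKind::PermissionDenied, msg));
    }
    let mut raw = String::new();
    file.read_to_string(&mut raw)?;
    // Drop trailing line endings only; other whitespace may be part of the password.
    let secret = raw.trim_end_matches(&['\r', '\n'][..]);
    if secret.is_empty() {
        return Err(io::Error::new(ErrorKind::InvalidData, "password file is empty"));
    }
    Ok(secret.to_string())
}

/// Some(password) for a file source, None when the caller has to prompt.
pub fn resolve(source: &PasswordSource) -> io::Result<Option<String>> {
    match source {
        PasswordSource::File(p) => load_password(p).map(Some),
        PasswordSource::Prompt => Ok(None),
    }
}

fn main() {
    let source = std::env::args().nth(1).map_or(PasswordSource::Prompt, |p| PasswordSource::File(p.into()));
    match resolve(&source) {
        Ok(Some(pw)) => println!("loaded password ({} bytes)", pw.len()),
        Ok(None) => println!("no password file configured, prompt instead"),
        Err(e) => eprintln!("refusing password file: {}", e),
    }
}
```
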