Page MenuHomePhabricator

Internal Storage Security
Closed, DuplicatePublic


When storing information into passphrase, it would be great for that information to have some encryption, so its not just stored in plain text in mysql.

Potentially, you could also have a key to decrypt and show the credential on screen.

Event Timeline

bajb raised the priority of this task from to Needs Triage.
bajb updated the task description. (Show Details)
bajb added projects: Passphrase, Security.
bajb added a subscriber: bajb.

Phabricator needs the ability to decrypt credentials in background processes and in a non-interactive manner. Thus any key to decrypt a credential would need to be stored at the same level as the Passphrase credential itself, defeating the point of encryption (you can't store the decryption keys as a file outside MySQL because that won't scale for HA).

I'm going to merge this into T4721, which has more discussion. @hach-que's summary is essentially correct.