@pixel they are encrypted at rest; the reason we need to support database storage is for the admin dashboard.

On the flip side, you will have the ability to disable the admin dashboard settings entirely via env and force env only usage!

2
Raphael Lullis

@dansup @pixel

What is the default? Who is your user? If someone can deploy this, it means they have direct access to the server. Why should they have access to secrets through the admin?

0
9mo
Andy

@dansup I assume this has to do with the plans of offering hosting for Pixelfed, and ease of configuring when no server access is given

but stuff like this should be handled in a hosting panel outside of the main app then.

adding so much logic into the application to keep those values safe, when easier options are already there is a bit...counter-productive. and error-prone as well, and you don't want these secrets to get into the wrong hands!

0
9mo