Passwords on Disk?

I’m love to find out how passwords (config values of type password) are stored within the Replicated configuration. Are they stored plaintext anywhere? I’d heard that these values are symmetrically encrypted when stored in snapshots, but not about how they’re stored on a running system.

If they are encrypted, where is the symmetric key stored? And is it per install?

Replicated uses a per-installation encryption key to store password configuration options. This encryption key is stored solely on the disk of the system that generated it.

When passwords only need to be validated by Replicated, such as in the case of console passwords, they are stored as bcrypt hashes.

Ok, just to clarify. A database password put in by the user is stored on disk encrypted then?

Anything entered by the user into a password field on the settings page is encrypted on disk.

1 Like

The encryption key is stored in the directory /var/lib/replicated/db/cipher.