Safely Store SMTP Password In A Docker Node.JS Project
I need to store a encrypted password, that is needed in runtime (a SMTP password).
The problem i am facing is that I also need to store a key to decrypt the password again, what ways could this be solved? Since if the key is stored along side with the encrypted password it would be the same as having it in plain text.
Its a customer demand, so in case their server gets hacked the hacker wont have direct access to all their passwords.
The software in making is coded in NodeJS and are running in a Docker container.
A solution that I thought about was to store the encryption key in another file, at another location in the Docker instance but this doesn't seem very secure either.
Thanks in advance
edit, not sure if my question wasn't understood. But what I meant to ask if there was a secure way to do this or not, and if there is where should I look for more info about it.
Answer
If you should use plain text password in run time, there is no way to secure your passwords from hacking the server. Same problem is exist about database credential. If you store encryption key any where, one function in your code decrypt the encrypted password for using in run time, so hacker can use that function to find plain text passwords
Related Questions
- → Maximum call stack exceeded when instantiating class inside of a module
- → Browserify api: how to pass advanced option to script
- → Node.js Passing object from server.js to external modules?
- → gulp-rename makes copies, but does not replace
- → requiring RX.js in node.js
- → Remove an ObjectId from an array of objectId
- → Can not connect to Redis
- → React: How to publish page on server using React-starter-kit
- → Express - better pattern for passing data between middleware functions
- → Can't get plotly + node.js to stream data coming through POST requests
- → IsGenerator implementation
- → Async/Await not waiting
- → (Socket.io on nodejs) Updating div with mysql data stops without showing error