Ad

Safely Store SMTP Password In A Docker Node.JS Project

- 1 answer

I need to store a encrypted password, that is needed in runtime (a SMTP password).

The problem i am facing is that I also need to store a key to decrypt the password again, what ways could this be solved? Since if the key is stored along side with the encrypted password it would be the same as having it in plain text.

Its a customer demand, so in case their server gets hacked the hacker wont have direct access to all their passwords.

The software in making is coded in NodeJS and are running in a Docker container.

A solution that I thought about was to store the encryption key in another file, at another location in the Docker instance but this doesn't seem very secure either.

Thanks in advance

edit, not sure if my question wasn't understood. But what I meant to ask if there was a secure way to do this or not, and if there is where should I look for more info about it.

Ad

Answer

If you should use plain text password in run time, there is no way to secure your passwords from hacking the server. Same problem is exist about database credential. If you store encryption key any where, one function in your code decrypt the encrypted password for using in run time, so hacker can use that function to find plain text passwords

Ad
source: stackoverflow.com
Ad