user passwords are readable in config.yml

[manilx]

User name and password are not encrypted and readable in config.yml.
Not good....

[miloschwartz]

Hi thank you for pointing this out. A few things to note:

ALL authentication data (password, access tokens, etc) are hashed according to industry standards before saving in the database. ONLY the main user is stored in the YAML file.

We decided to keep the admin user in the YAML to allow you to easily reset the password without email enabled for password recovery to prevent you from getting locked out. Every time the server starts, it reads this password, hashes it, and inserts it into the database. Realistically, you'd either need to set this password as an environment variable or in the config file, which would both be accessible should someone gain access to your VPS.

What we could consider adding is a new field to the config.yml file under server_admin, maybe something like do_not_overwrite_password, which would allow you to set the password once, delete it from the file, then set this field, so the server does not try to overwrite the password on future restarts. Then if you needed to reset your password, you could remove this field, add the password field back, and then restart the server.

[manilx]

Seems a better solution to me....

[miloschwartz]

Just posting here again to let you know that you can optionally set the password with the environment variables USERS_SERVERADMIN_PASSWORD. You could use docker secrets to handle this if you're using compose. This will override anything set in the config.yml file, so you could remove the password from that file if you choose to.

[manilx]

Used the install script....

[miloschwartz]

The installer sets up a docker compose file for you which you could edit if you would like.

[manilx]

OK!