Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Passwords are visible when using UseDpApiForPasswords=true
-
We are using Buildmaster 4.1.2 and passwords for access to remote servers are visible in plain text even though UseDpApiForPasswords=true in the settings. How can we ensure the passwords are hidden ?
Product: BuildMaster
Version: 4.1.2
-
Which passwords are not being hidden?
-
The password for SSH access to remote servers and displayed in plain text when you untick the "Mask Password" checkbox even though we have UseDpApiForPasswords=true in the buildmaster settings.
I heard yesterday that this had been broken in earlier builds but was fixed in 4.1.2.
-
Can you verify that the password properties are encrypted in the database? The editor would have to decrypt them in order to edit them again.
-
The password properties in the database are encrypted. When we first used this feature, once the password was encrypted you could no longer view it in plain text. This is what we need for security reasons.
-
We have released BuildMaster 4.1.3, which addresses this issue:
- BM-1380 - Hide passwords from clients when UseDpApiForPasswords is enabled
So as long as that option is enabled, stored passwords will never be accessible from the UI.