Plaintext passwords

[AloisH]

Hi every one!

Is it really needed, that pve stores passwords for storage (especially pbs) in plaintext under /etc/pve/priv/storage/pbs.pw?
Both products are from the same company and I suppose there should be a way to use preshared keys, tokens or something like that.

Thank you.
BR Alois

 

[_gabriel]

https://forum.proxmox.com/threads/pbs-user-password-saved-in-clear-text-on-the-pve-hosts.97852/

 

[AloisH]

I'm terribly ashamed that I didn't find the link last night.
Thank you very much!!

 

[LnxBil]

Just as a general reminder to all people reading this thread:

I suppose there should be a way to use preshared keys, tokens or something like that.

which are also fully known and therefore as good as a plaintext password. It is important to stress that you should ALWAYS use service-specific passwords which should only be used ONCE. If you have a breach, you cannot do anything with this password.