Encrypt OIDC access token in database #7640
Assignees
Labels
must-do
Issues that must be completed by the end of the Sprint. Or else. Only humans may set this.
Comments
|
Original PR: #7959 |
|
Broke this up into two PRs for ease of review: |
|
This is now merged to main with: Some follow-up refactors:
I'm going to go ahead and call this done. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Users' OIDC access tokens are currently stored in plaintext in the Postgres DB. Given the sensitivity of these tokens, we would prefer if they were stored encrypted.
For our deployment, it would work fine to manage the encryption key outside of Coder in an existing secrets manager and pass it in via a file path or directly inside an environment variable.
The text was updated successfully, but these errors were encountered: