Please verify that this feature request has NOT been suggested before.
Problem statement
The API tokens are currently saved in plaintext in the DB; there are various safety mechanisms already implemented, but by getting access to a fully permissioned template environment one might extract these tokens (this is why we warn about templates in the threat modelling docs).
Suggested solution
Implement a new token format that uses HMAC digests; NetBox did this somewhat recently.
Describe alternatives you've considered
The threat model currently is written to address this, so we might also accept the current state.
Examples of other systems
NetBox
Do you want to develop this?
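
An added sketch of the HMAC-digest storage this request proposes; it is not code from the project or from NetBox. The token layout (`tok_<key_id>.<secret>`), the `PEPPER` key held outside the database, and the dict standing in for the token table are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side key kept outside the database (settings or env),
# so reading token rows alone does not yield a usable credential.
PEPPER = b"constructed-demo-pepper-not-a-real-secret"
PREFIX = "tok"  # hypothetical token prefix


def _digest(secret: str, pepper: bytes) -> str:
    """HMAC-SHA256 of the token secret, keyed with the server-side pepper."""
    return hmac.new(pepper, secret.encode(), hashlib.sha256).hexdigest()


def issue_token(store: dict, user: str, pepper: bytes = PEPPER) -> str:
    """Create a token; persist only the key id, owner and HMAC digest."""
    key_id = secrets.token_hex(6)       # public lookup handle, stored as-is
    secret = secrets.token_urlsafe(32)  # shown to the user once, never stored
    store[key_id] = {"user": user, "digest": _digest(secret, pepper)}
    return f"{PREFIX}_{key_id}.{secret}"


def verify_token(store: dict, presented: str, pepper: bytes = PEPPER):
    """Return the owning user, or None if the token is malformed or wrong."""
    prefix, sep, rest = presented.partition("_")
    key_id, dot, secret = rest.partition(".")
    if prefix != PREFIX or not sep or not dot or not key_id or not secret:
        return None
    row = store.get(key_id)
    if row is None:
        return None
    # Compare digests in constant time to avoid a timing side channel.
    if hmac.compare_digest(row["digest"], _digest(secret, pepper)):
        return row["user"]
    return None


if __name__ == "__main__":
    db = {}  # constructed stand-in for the token table
    token = issue_token(db, "alice")
    print("verified as:", verify_token(db, token))
    print("stored row :", db)  # contains a digest, not the secret
```

Because only the digest is stored, existing plaintext tokens cannot be looked up by value any more; a migration would have to digest them in place or reissue them.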