mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-17 17:32:27 -05:00
[GH-ISSUE #2229] TOTP secrets not encrypted in database #13984
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @XXXXXTIGER on GitHub (Jan 13, 2022).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2229
Hello, I just pulled Version 1.23.1(latest for now) image from docker hub.
When using sqlite3 as the data store, I found the TOTP secrets not encrypted at all.
I can not confirm this is desired, but I think it is not safe as the secrets are plaintexts.
Thanks.