decide where to store passwords

[ltalirz]

It might be ok to store the hashed passwords of AiiDA users in the AiiDA DB - but perhaps in a different table (a bit like what is done for the Computers an the Authinfo).

To discuss

[giovannipizzi]

Up to now we tried to avoid putting credentials in the DB. This might be a case where we want to put things in the DB, with some caveats:

• if this remains outside of AiiDA-core, we need to be careful in tampering with the DB
• we need to carefully describe what is in the DB, which tables are for exporting in archives and which should remain private to the instance

Another option is to put it in a file in ~/.aiida, side-by-side with the config.json

The additional question I have is: do we support/use (hashed) password, or tokens (permanent or expiring?), or both?