akrava / gmail-tg-notifications

Simple telegram bot to forward emails from Gmail to any chat, channel or private group
https://t.me/gmail_notifications_bot
MIT License
23 stars 12 forks

Encrypt tokens with random keys before saving them to the database #2

Open Veetaha opened 4 years ago

Veetaha commented 4 years ago

In order to prevent access to Gmail emails from anyone who has access to the database and bot environment variables, the tokens that are saved to the database should be encrypted using a cryptographically strong, randomly generated private key.

But this also means there might be an issue whilst redeploying the application (make sure the data is not lost because of the private key loss).

akrava commented 4 years ago

Now I see the solution of this issue, like encrypting the token with some secret, which is stored in the env of the app. A token isn't a password, which we can hash with a random salt and compare with the initial hashed data. So for now I can only encrypt with some constant secret, and I don't know how to randomize it. I'll be grateful for any idea.
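One standard way to get a random key per stored token while still being able to decrypt after a redeploy is envelope encryption: each token is encrypted under its own freshly generated data key (DEK), and only the DEK is encrypted ("wrapped") under a single key-encryption key (KEK) that lives in the environment. The following is an added example, not code from the gmail-tg-notifications project; the language, the `TOKEN_KEK_HEX` variable name and the `TokenRecord` layout are assumptions. It uses only the standard library, so the authenticated cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC instead of AES-GCM; in a real deployment, replace `aead_encrypt`/`aead_decrypt` with `AESGCM` from the `cryptography` package and keep the envelope logic as is.

```python
"""Envelope encryption for OAuth tokens at rest (added example, not project code)."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

NONCE_LEN = 16
TAG_LEN = 32
KEY_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode; a (key, nonce) pair is never reused."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _mac_input(aad: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Length-prefix the associated data so (aad, ct) boundaries are unambiguous.
    return len(aad).to_bytes(8, "big") + aad + nonce + ct


def aead_encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Returns nonce || ciphertext || tag. `aad` is authenticated but not encrypted."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, _mac_input(aad, nonce, ct), hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verifies the tag in constant time before decrypting; raises ValueError on tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, _mac_input(aad, nonce, ct), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass
class TokenRecord:
    """The database row: no key material in the clear (hypothetical layout)."""
    user_id: str
    wrapped_dek: bytes   # random per-token key, encrypted under the KEK
    token_ct: bytes      # the Gmail token, encrypted under the DEK
    kek_version: int     # which KEK wrapped the DEK, so rotation can be done lazily


def load_kek(var: str = "TOKEN_KEK_HEX") -> bytes:
    """The only secret in the environment (hypothetical variable name; generate with secrets.token_hex(32))."""
    kek = bytes.fromhex(os.environ[var])
    if len(kek) != KEY_LEN:
        raise ValueError(f"{var} must decode to {KEY_LEN} bytes")
    return kek


def _wrap_aad(user_id: str) -> bytes:
    return b"dek:" + user_id.encode()


def seal_token(kek: bytes, kek_version: int, user_id: str, token: str) -> TokenRecord:
    """Fresh random DEK per token: this is the randomisation the constant secret lacked."""
    dek = secrets.token_bytes(KEY_LEN)
    token_ct = aead_encrypt(dek, token.encode(), aad=user_id.encode())  # bound to this user
    wrapped_dek = aead_encrypt(kek, dek, aad=_wrap_aad(user_id))
    return TokenRecord(user_id, wrapped_dek, token_ct, kek_version)


def open_token(kek: bytes, rec: TokenRecord) -> str:
    dek = aead_decrypt(kek, rec.wrapped_dek, aad=_wrap_aad(rec.user_id))
    return aead_decrypt(dek, rec.token_ct, aad=rec.user_id.encode()).decode()


def rotate_kek(old_kek: bytes, new_kek: bytes, new_version: int, rec: TokenRecord) -> TokenRecord:
    """KEK rotation re-wraps only the 32-byte DEK; the token ciphertext is untouched."""
    dek = aead_decrypt(old_kek, rec.wrapped_dek, aad=_wrap_aad(rec.user_id))
    return TokenRecord(rec.user_id, aead_encrypt(new_kek, dek, aad=_wrap_aad(rec.user_id)),
                       rec.token_ct, new_version)


if __name__ == "__main__":
    os.environ.setdefault("TOKEN_KEK_HEX", secrets.token_hex(KEY_LEN))  # constructed demo KEK
    kek = load_kek()
    row = seal_token(kek, 1, "user-42", "ya29.constructed-example-token")
    print(open_token(kek, row))
```

Two consequences follow for the redeploy concern raised above: the KEK is the one value that must survive redeploys (back it up outside the app; losing it loses every stored token), and rotating it means re-wrapping DEKs, not re-encrypting every token. Binding the ciphertext to `user_id` via the associated data also stops a row from being copied onto another user. What this does not do is protect against someone who holds both the database and the environment variables, since the KEK is in the environment; only moving the KEK into a KMS or HSM that the app calls but cannot export changes that.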