Consider giving the user the chance of NOT storing API keys in the .fox file

cyb3rfox / Aurora-Incident-Response

Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders

Apache License 2.0

742 stars 79 forks source link

Consider giving the user the chance of NOT storing API keys in the .fox file #66

Open febrezo opened 3 years ago

febrezo commented 3 years ago

As .fox files are JSON files, storing API keys as plaintext can lead to security issues. Knowing that this can be helpful, it should be considered to make it optional.

cyb3rfox commented 3 years ago

Got your point, encrypting wouldn't make too much sense either. I think encrypting and password protecting the whole file might be the best option. That is on the roadmap and tracked in #12