getgrav / grav-plugin-email

Grav Email Plugin
http://getgrav.org
MIT License

password stored in open text #50

Closed finanalyst closed 7 years ago

finanalyst commented 7 years ago

Loaded gravstrap skeleton. Updated everything. Running on Ubuntu. Enabled email plugin and provided configuration data. Just looked at user/config/plugins/email.yaml and see that the password is in open text, next to the fieldname password. This does not seem to me to be a secure practice. An intruder obtaining entry to a site would surely grep for lines with password. Further: if debug option is on in Grav, then the plugins tab pulls out all the yaml config information, including the password. Are there no other configuration options you could use to mask the password?

rhukster commented 7 years ago

Sorry, read your comment wrong the first time.

The issue is the email has to be sent plain text via SMTP protocol. Any encryption would need to be 2-way and inherently insecure. Also as we have to send it plain text anyway, you're not gaining anything. It's the same reason why email and database passwords are stored in plain text in all similar systems such as Joomla, WordPress etc.

rhukster commented 7 years ago

BTW, the debug statement is for debugging, and should not be used in production.
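Since the maintainer's position is that the SMTP password must remain recoverable by the application, the practical defence is the one finanalyst's grep remark hints at: know where plaintext credentials sit and make sure the file holding them is not readable by other accounts on the host. The following audit script is an added example and is not part of the grav-plugin-email project or Grav itself; the email.yaml content it scans is constructed for illustration and contains no real credentials, and the key list and placeholder list are assumptions chosen for this demonstration.

```python
"""Audit a Grav-style plugin config file for plaintext credentials and
loose file permissions (added example; not project code)."""
import os
import re
import stat
import tempfile

# Constructed sample resembling user/config/plugins/email.yaml.
# The password value is invented for this example.
SAMPLE_EMAIL_YAML = """\
enabled: true
from: 'site@example.com'
mailer:
  engine: smtp
  smtp:
    server: smtp.example.com
    port: 587
    encryption: tls
    user: 'mailer@example.com'
    password: 'hunter2-constructed'
"""

# Keys that usually carry a credential (assumed list, extend as needed).
SECRET_KEY_RE = re.compile(
    r"^\s*(password|passwd|secret|token|api_key)\s*:\s*(.*)$", re.IGNORECASE
)
# Values that mean "not actually set" and should not be reported.
PLACEHOLDERS = {"", "~", "null", "changeme", "xxx"}


def find_plaintext_secrets(text):
    """Return (line_number, key) for every secret-looking key whose value
    is a real literal rather than an empty/placeholder value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECRET_KEY_RE.match(line)
        if not m:
            continue
        value = m.group(2).strip().strip("'\"")
        if value.lower() in PLACEHOLDERS:
            continue
        findings.append((lineno, m.group(1).lower()))
    return findings


def is_world_or_group_readable(path):
    """True if the file mode grants read access beyond the owner, which is
    what lets any other local account (or a compromised neighbour) grep it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_config_file(path):
    """Combine both checks into one finding record for a config file."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    return {
        "path": path,
        "secrets": find_plaintext_secrets(text),
        "loose_permissions": is_world_or_group_readable(path),
    }


def demo():
    """Write the constructed email.yaml to a temp file, audit it with a
    typical 0644 mode, then again after tightening to 0600."""
    with tempfile.NamedTemporaryFile("w", suffix=".yaml", delete=False) as fh:
        fh.write(SAMPLE_EMAIL_YAML)
        path = fh.name
    os.chmod(path, 0o644)          # common default: group/other can read
    before = audit_config_file(path)
    os.chmod(path, 0o600)          # mitigation: owner-only read/write
    after = audit_config_file(path)
    os.unlink(path)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for label, result in (("0644", before), ("0600", after)):
        print(f"[{label}] plaintext secrets at lines "
              f"{[ln for ln, _ in result['secrets']]}, "
              f"readable by others: {result['loose_permissions']}")
```

The secret finding is expected and unavoidable here, as rhukster explains; what the audit should drive to zero is the loose-permissions flag, together with keeping Grav's debug option off in production so the plugins tab never renders the config.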