Skip to content

Provide secure credential storage for non-OAuth2 Console deployments #1067

Description

@graikhel-intel

Description

Customers who do not use OAuth2 need a secure way to store and retrieve Console credentials without relying on plaintext values in config/config.yml. Console should provide a supported way to use a secure local credential store, such as a credential manager or equivalent mechanism, for sensitive credentials required by the application.

Requirement

Console must provide a supported way for deployments that do not use OAuth2 to securely store and retrieve sensitive credentials outside of config/config.yml.

Customer need

Customers want to avoid storing usernames and passwords in plaintext configuration files. They need a simple and supported way to manage these credentials securely in local or enterprise deployments where OAuth2 is not available or not desired.

Scope

  1. Support secure storage and retrieval of Console credentials for deployments without OAuth2.
  2. Provide a way to disable plaintext storage of sensitive credentials in config/config.yml.
  3. Provide a customer-usable workflow for setting, updating, and removing stored credentials. This will need some brainstorming.
  4. Support the deployment environments currently supported by Console.

Acceptance criteria

  1. A customer can run Console without OAuth2 and without storing required sensitive credentials in plaintext in config/config.yml.
  2. Console can retrieve required credentials from a secure storage mechanism at runtime.
  3. Customers can set, update, and rotate stored credentials through a supported workflow.
  4. Customers can disable plaintext credential usage in config/config.yml for supported sensitive values.
  5. The feature is documented from a customer workflow perspective.

Metadata

Metadata

Labels

customer-feedbackWork driven by customer deployment experience and feedback.

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Todo
Status
Q3 2026

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions