Plain text secret in YAML

[Abhi5h3k]

I'm new to StackStorm and noticed that secrets are shown as plain text in workflow actions.

For example, I was using core.remote_sudo and saw my password visible in plain text in the YAML file, even though it is hidden in the UI.

Is there a better way to manage passwords in StackStorm?

[fdrab]

a better way is to use the internal datastore and then just <% st2kv("datastore_key_under_which_the_pw_is_stored") %> instead of hardcoding the pw into the yaml
EDIT: If you want to store the passwords in the datastore encrypted, don't forget to add ", decrypt=>true" to the st2kv

[Abhi5h3k]

Thank you @fdrab, I was able to resolve it.

Leaving Doc links for future reference:

1. Storing and Retrieving Key-Value Pairs via CLI
2. Referencing Key-Value Pairs in Action Definitions
3. Referencing Datastore Keys in Jinja
5. Securing Secrets (admin only)