Rudder

Rudder already provide some ways to hash password in the user directive but I'd like to know what is the best way to store sensitive data in Rudder. A scenario I'm thinking of is a tool configuration that needs to connect to a centralized server using specific credentials (user+password). I'd like to avoid these sensitive data to be viewed by all rudder operators in my company.

Accroding to me here are 2 options available today(Rudder 4.0.2):

• store sensitive data on the share space in rudder server
  • + not visible in clear in the interface
  • - hard to update (can't be done via rudder interface)
  • - stored in clear at server side
• encode sensitive data and use javascript code to decode them in directives
  • + not visible in clear in the interface
  • + can be edited via rudder web interface
  • - can be decodable (so retrieved via rudder interface)

Some other tools I use to work with have a concept called "Secured Variables" (stored encrypted in the database with a key configured in the server) and it could be a great to have this kind of concept in Rudder too (maybe in global parameters ?). An even more better solution could be an integration with Secret management tools like Hashicorp Vault.

If there is no better solution than the ones I thought, I hope that I give you at least some ideas for future Rudder releases :-)

Thanks in advance