Unhashing password credentials

Donny_Ho · May 21, 2023, 10:23pm

I have an application that stores credentials and tokens for our customers. The idea is to have a recurring job that takes these credentials and make external API calls that require Oauth tokens to do so.

As I have understood the Credentials feature is a oneway hash and you can’t unhash the password to get it in plain text after you have hashed it, correct?

If the above tis true, how does one go about to store sensitive information in Fauna if I also have the need to get that data in plain text later? Do have have to encrypt it with a key on my end before I store it in my FaunaDB and when I read it I decrypt it?

ptpaterson · June 27, 2023, 2:41pm

Hi @Donny_Ho and welcome! I am sorry that it took so long to get to your question.

That is correct. Fauna does not store plain text passwords when using our built in authentication (Credentials feature).

That would be our recommendation: encrypt information in your application before storing in Fauna, then decrypt in your application once you read it back.

Donny_Ho · June 28, 2023, 8:35am

Yeah I figured that was the way to go, thanks

ptpaterson · September 26, 2023, 8:35am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Serving secrets Help authentication , best-practices	2	391	June 3, 2021
Questions about fauna user authentication, ttl and privileges Help authentication , best-practices	5	1356	July 2, 2020
Reset passwords for user database when including External Authentication providers Help authentication	3	474	February 26, 2021
How does one use an alternative hashing algorithm to `bcrypt`, such as `Argon2id`, for hashing credentials? Help	1	320	October 15, 2021
I can't seem to login into fauna with an existing user Help authentication	8	557	July 17, 2021

Unhashing password credentials

Related topics