by tony-infisical 1234 days ago
You can likely encrypt the tokens symmetrically by a key on the server (can also have that key be stored in a secret manager and retrieved for the purposes of the encryption/decryption only); obv you have to make sure the key doesn't leak but it's significantly better than storing this type of data unencrypted in DB.

Interesting point on existing providers not encrypting user tokens in the DB by default tho - wouldn't expect that hmmm
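Added example, not part of the comment above and not Infisical's code: one way to encrypt a token with a server-side key before it is written to the database, using AES-256-GCM from Node's built-in `crypto` module. Assumptions: the key would come from a secret manager (a constructed random key stands in for it here), and `rowId` is a hypothetical record identifier bound to the ciphertext so a blob copied to another row fails to decrypt.

```javascript
const crypto = require("node:crypto");

// Assumption: in production this 32-byte key is fetched from a secret manager
// at startup and held only in memory. A constructed random key stands in here.
const KEY = crypto.randomBytes(32);

// Encrypt a token for storage. rowId (hypothetical, e.g. the owning user id)
// is passed as additional authenticated data: it is not stored in the blob,
// but decryption fails unless the same value is supplied again.
function encryptToken(token, rowId, key = KEY) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(String(rowId), "utf8"));
  const ct = Buffer.concat([cipher.update(token, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  // Stored value: version byte || iv || tag || ciphertext, base64-encoded.
  return Buffer.concat([Buffer.from([1]), iv, tag, ct]).toString("base64");
}

// Decrypt a stored blob. Throws if the key, the row id, or any stored byte
// differs from what was used at encryption time.
function decryptToken(stored, rowId, key = KEY) {
  const buf = Buffer.from(stored, "base64");
  if (buf.length < 29 || buf[0] !== 1) throw new Error("unsupported token blob");
  const iv = buf.subarray(1, 13);
  const tag = buf.subarray(13, 29);
  const ct = buf.subarray(29);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(String(rowId), "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Returns true if the blob authenticates and decrypts, false otherwise.
function canDecrypt(stored, rowId, key = KEY) {
  try {
    decryptToken(stored, rowId, key);
    return true;
  } catch {
    return false;
  }
}
```

The version byte leaves room for key rotation: a new key can write blobs with a different version while old rows are still readable and re-encrypted lazily.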