Storage Credentials shown in cleartext #775

New issue

Open

opened 2026-02-20 15:23:35 -05:00 by deekerman · 0 comments

deekerman commented 2026-02-20 15:23:35 -05:00

Owner

Copy link

Originally created by @vabene1111 on GitHub (Oct 16, 2019).

Originally assigned to: @NGPixel on GitHub.

Describe the bug
When connecting WikiJS to a Git based backend using a password the password is always shown in cleartext on the administrator site. As most Git providers dont allow per repository based access tokens this should probably not be the case. I suggest not loading the password when the form is loaded and only changing it when its submitted in the reuqest.

this might also be the case with other storage providers but i have not tested it.

i hope this has not been reported elsewhere but i could not find an issue

To Reproduce
Steps to reproduce the behavior:

1. Go to 'Adminstration' > 'Storage' >'Git'
2. View Password in cleartext

Expected behavior
This should not be visible as any administrator can see it

Host Info (please complete the following information):

• OS: Docker
• Wiki.js version: 2.0.0-beta.303
• Database engine: postgres 10

Originally created by @vabene1111 on GitHub (Oct 16, 2019). Originally assigned to: @NGPixel on GitHub. **Describe the bug** When connecting WikiJS to a Git based backend using a password the password is always shown in cleartext on the administrator site. As most Git providers dont allow per repository based access tokens this should probably not be the case. I suggest not loading the password when the form is loaded and only changing it when its submitted in the reuqest. this might also be the case with other storage providers but i have not tested it. i hope this has not been reported elsewhere but i could not find an issue **To Reproduce** Steps to reproduce the behavior: 1. Go to 'Adminstration' > 'Storage' >'Git' 2. View Password in cleartext **Expected behavior** This should not be visible as any administrator can see it **Host Info (please complete the following information):** - OS: Docker - Wiki.js version: 2.0.0-beta.303 - Database engine: postgres 10

deekerman added the

enhancement

contrib-medium

labels 2026-02-20 15:23:35 -05:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

scarlett

vega

feat-toc

v2.5.312

v2.5.311

v2.5.310

v2.5.309

v2.5.308

v2.5.307

v2.5.306

v2.5.305

v2.5.304

v2.5.303

v2.5.302

v2.5.301

v2.5.300

v2.5.299

v2.5.298

v2.5.297

v2.5.296

v2.5.295

v2.5.294

v2.5.293

v2.5.292

v2.5.291

v2.5.290

v2.5.289

v2.5.288

v2.5.287

v2.5.286

v2.5.285

v2.5.284

v2.5.283

v2.5.282

v2.5.281

v2.5.280

v2.5.279

v2.5.278

v2.5.277

v2.5.276

v2.5.275

2.5.274

2.5.272

2.5.268

2.5.264

2.5.260

2.5.255

2.5.254

2.5.219

2.5.214

2.5.201

2.5.197

2.5.191

2.5.170

2.5.159

2.5.144

2.5.136

2.5.132

2.5.126

2.5.121

2.5.117

2.5.105

2.4.107

2.4.105

2.4.75

2.3.81

2.3.77

2.3.72

2.3.71

2.2.51

2.2.50

2.1.113

2.0.12

2.0.1

2.0.0-rc.17

2.0.0-rc.1

2.0.0-beta.303

2.0.0-beta.275

2.0.0-beta.268

2.0.0-beta.267

2.0.0-beta.241

2.0.0-beta.230

2.0.0-beta.208

2.0.0-beta.203

2.0.0-beta.180

2.0.0-beta.174

2.0.0-beta.148

2.0.0-beta.147

2.0.0-beta.115

2.0.0-beta.91

2.0.0-beta.84

2.0.0-beta.68

2.0.0-beta.42

2.0.0-beta.11

v1.0.102

v1.0.78

v1.0.76

v1.0.68

v1.0.66

v1.0.12

v1.0.11

v1.0.10

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.1

v1.0.0-beta.13

v1.0.0-beta.12

v1.0.0-beta.11

v1.0.0-beta.10

v1.0.0-beta.9

v1.0.0-beta.8

v1.0.0-beta.7

v1.0.0-beta.6

v1.0-beta.5

v1.0-beta.4

v1.0-beta.3

v1.0-beta.2

v1.0-beta.1

v1.0-alpha.7

v1.0-alpha.6

v1.0-alpha.5

v1.0-alpha.4

v1.0-alpha.3

v1.0-alpha.2

v1.0-alpha.1

Labels

Clear labels   

BETA

  

BETA

  

accessibility

  

backlog

  

bug

  

can't replicate

  

contrib-easy

  

contrib-hard

  

contrib-medium

  

deferred

  

documentation

  

duplicate

  

duplicate

  

editors

  

enhancement

  

invalid

  

localization

  

migrate

  

ui

  

under review

  

v3

No labels

BETA

BETA

accessibility

backlog

bug

can't replicate

contrib-easy

contrib-hard

contrib-medium

deferred

documentation

duplicate

duplicate

editors

enhancement

invalid

localization

migrate

ui

under review

v3

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/wiki#775

No description provided.