[Improvement]: Add support for using encrypted passwords in configurations #3335

Open
3 of 5 tasks
Jzjsnow opened this issue Nov 21, 2024 · 3 comments

Comments

@Jzjsnow

Jzjsnow commented Nov 21, 2024

Search before asking

  • I have searched in the issues and found no similar issues.

What would you like to be improved?

Currently, the login password for the admin user and the connection password for the mysql/postgresql databases are set in plaintext in the configuration file, which may be a security risk. To avoid the use of plaintext passwords, we would like to add support for using encrypted passwords in the configuration file.

How should we improve?

No response

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Subtasks

Code of Conduct

@klion26
Member

klion26 commented Dec 7, 2024

Thanks for creating the issue, +1 for this feature. Maybe #3336 can be considered together with #3156 by providing a user permissions system.

@Jzjsnow
Author

Jzjsnow commented Dec 9, 2024

Now I'm thinking that we can provide an interface by implementing which developers can customize the decryption method and choose the appropriate dependency library themselves. This way we can bypass the potential problem of choosing a dependency library for decryption. Considering that base64 encoding is one of the most commonly used encoding methods, I would like to implement a basic base64 encoding first, not only as an example implementation of the interface, but also to solve the current problem of plaintext passwords.

@engraving-knife
Contributor

I am also following up on this issue and would like to ask about the current development status. I believe we should support some more general encryption algorithms, such as AES, and should provide a place for inputting keys for such algorithms. Keys should not be placed in algorithm-dependent packages and configuration files.
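
An added sketch of the design discussed in the comments above (not code from this project): a pluggable decryptor interface with a base64 implementation and an AES-GCM implementation whose key is supplied from outside the configuration file. All names here, including `PasswordDecryptor` and the `CONFIG_PASSWORD_KEY` environment variable, are hypothetical, and the password is a constructed sample.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class PasswordDecryptorExample {
    /** Hypothetical extension point: turns a stored config value into the real password. */
    interface PasswordDecryptor { String decrypt(String stored) throws Exception; }

    /** Base64 is an encoding: no key is involved, so anyone who reads the file can decode it. */
    static class Base64Decryptor implements PasswordDecryptor {
        public String decrypt(String stored) {
            return new String(Base64.getDecoder().decode(stored), StandardCharsets.UTF_8);
        }
    }

    /** AES-256-GCM; stored value is base64(12-byte nonce || ciphertext+tag). Key is passed in. */
    static class AesGcmDecryptor implements PasswordDecryptor {
        private final SecretKeySpec key;
        AesGcmDecryptor(byte[] rawKey) { this.key = new SecretKeySpec(rawKey, "AES"); }
        public String decrypt(String stored) throws Exception {
            byte[] blob = Base64.getDecoder().decode(stored);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
            return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
        }
        String encrypt(String plain) throws Exception {   // used once, when writing the config
            byte[] nonce = new byte[12];
            new SecureRandom().nextBytes(nonce);          // fresh nonce for every encryption
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
            byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
            byte[] blob = Arrays.copyOf(nonce, 12 + ct.length);
            System.arraycopy(ct, 0, blob, 12, ct.length);
            return Base64.getEncoder().encodeToString(blob);
        }
    }
    public static void main(String[] args) throws Exception {
        String envKey = System.getenv("CONFIG_PASSWORD_KEY"); // assumed variable name; key stays out of the config
        byte[] key = new byte[32];
        if (envKey != null) key = Base64.getDecoder().decode(envKey); else new SecureRandom().nextBytes(key); // random key for the demo run
        AesGcmDecryptor aes = new AesGcmDecryptor(key);
        String stored = aes.encrypt("s3cret-db-password");    // constructed sample password
        System.out.println("aes    -> " + aes.decrypt(stored));
        System.out.println("base64 -> " + new Base64Decryptor().decrypt("czNjcmV0LWRiLXBhc3N3b3Jk"));
    }
}
```

`Base64Decryptor` needs no key, so the stored value is recoverable by anyone who can read the file; the AES-GCM variant throws if the key is wrong or the stored value has been modified.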
