[VERY_UNLIKELY] Mail action credentials are saved as plain text in an export

I have…

  • Checked the logs and have uploaded a log file and provided a link because I found something suspicious there. Please do not post the log file in the topic because very often something important is missing.

I’m submitting a…

  • Regression (a behavior that stopped working in a new release)
  • Bug report
  • Performance issue
  • Documentation issue or request

Current behavior

Unencrypted passwords in exported data.

Expected behavior

The password is encrypted.

Minimal reproduction of the problem

  1. Create a rule with a mail and configure it
  2. Export configuration using sq sync out ...
  3. Open exported rule in an editor

Environment

  • Self hosted with docker
  • Self hosted with IIS
  • Self hosted with other version
  • Cloud version

Version: 7.8.2

Browser:

  • Chrome (desktop)
  • Chrome (Android)
  • Chrome (iOS)
  • Firefox
  • Safari (desktop)
  • Safari (iOS)
  • IE
  • Edge

Others:
none

A solution could be to require a password when exporting the data to encrypt sensitive data. The user would then need to provide it when importing the data. The tool could also generate a password during export and show it to the user.
For convenience, the tool could derive a password from the current system or use the data protection API in .NET. But this would require the user to use the same system or user account for import.

I understand this requirement, but I don’t consider it a bug for now.
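
The password-protected export proposed in the report above, sketched as an added Node.js example. It is not code from the sq CLI or the project; the rule layout, the field names (such as serverPassword), the enc:v1: prefix and all function names are assumptions made for illustration.

```javascript
// Added example: rule layout and field names are assumptions, not the CLI's real export schema.
const nodeCrypto = require('crypto');

const SENSITIVE = /password|secret|token/i; // assumed naming convention for secret fields
const PREFIX = 'enc:v1:';                   // hypothetical marker for an encrypted value

function sealValue(key, path, value) {
  const iv = nodeCrypto.randomBytes(12);    // fresh nonce per value
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(path));         // bind the ciphertext to its field path
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return PREFIX + Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function openValue(key, path, sealed) {
  const raw = Buffer.from(sealed.slice(PREFIX.length), 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(path));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Walk the JSON tree and apply fn to string values stored under sensitive keys.
function walk(node, path, fn) {
  if (Array.isArray(node)) return node.map((v, i) => walk(v, `${path}/${i}`, fn));
  if (node === null || typeof node !== 'object') return node;
  const out = {};
  for (const [k, v] of Object.entries(node)) {
    const p = `${path}/${k}`;
    out[k] = typeof v === 'string' && SENSITIVE.test(k) ? fn(p, v) : walk(v, p, fn);
  }
  return out;
}

function protectExport(doc, password) {
  const salt = nodeCrypto.randomBytes(16);
  const key = nodeCrypto.scryptSync(password, salt, 32); // 256-bit key from the export password
  const body = walk(doc, '', (p, v) => (v === '' ? v : sealValue(key, p, v)));
  return { kdf: { name: 'scrypt', salt: salt.toString('base64') }, body };
}

function restoreExport(file, password) {
  const key = nodeCrypto.scryptSync(password, Buffer.from(file.kdf.salt, 'base64'), 32);
  return walk(file.body, '', (p, v) => (v.startsWith(PREFIX) ? openValue(key, p, v) : v));
}

// Constructed sample of an exported rule with a mail action.
const sampleRule = { name: 'notify', action: { actionType: 'Email',
  serverHost: 'smtp.example.test', serverUsername: 'mailer', serverPassword: 'constructed-pw' } };
```

With a wrong password, restoreExport throws because the GCM tag check fails, so a damaged or tampered export is rejected rather than imported with garbage credentials.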