Password Requirement for viewing Keystore/Certificate Passwords

Description of the feature request

For sensitive information such as the signing key to android keystore, it may be good to require the user password to view the passwords for that session, giving the option to turn this off in account settings.

Use case / for what or how I would use it

If I leave my computer open with Bitrise logged in, it would be trivial for someone to show the password for my certificate / Keystore file.

There are numerous plugins that require private information such as the iTunes Connect Deployment services. If someone were to copy access tokens from my machine to this site, they would be able to easily download all my passwords for developer accounts.

Great idea, thanks for the #feature-request @lengk!

P.S.: don’t forget to vote on it! :wink:

1 Like