Secure password storage

[alexjpwalker]

Problem to Solve

It's a pain for the user to re-enter their password for connecting to Cluster every time. In SQL Server for instance, it's popular to integrate the database authentication with your operating system authentication, so you don't need to enter a password, ever.

Proposed Solution

However, we need to think very carefully about how to handle this. Storing the user's password in plain text on their disk is not an option.

[vmax]

@alexjpwalker I believe the solution to this will be platform-specific:

• macOS uses Keychain
• on Linux different DEs handle secrets themselves e.g. GNOME Keyring or ksecretsservice under KDE
• Windows has Credential Manager

We'll need to either:

• wrap them ourselves under on unified API
• search for such a wrapper if it exists; one example is javakeyring/java-keyring
• think of an alternative strategy of password storage & authentication - e.g. hash passwords on the client side & store the salted hash of a password instead of plain text password (e.g. PBKDF2)