Gitea Shows plain text passwords in app.ini and in Site Administration page

Hi Team,

In Gitea deployment, we could see that database passwords and the cache/session provider passwords are mentioned in plaintext in the app.ini file.

Also we could see the the cache/session provider passwords in the gui in “Configuration Tab” under site administration page.

Is there any way to hide this.


* On the UI, you can hide it by adding custom templates whose only change is removing these lines (Customizing Gitea | Gitea Documentation)
* For the app.ini file, I don’t know what you want us to do. I think the Helm Chart may provide reading in a K8s secret in the form of an env var, but IIRC, the only thing that does is write the env var into the app.ini on startup, so it will still be there and Gitea cannot function in any other way