Explores how Semaphore UI stores secrets in its database, including variable groups and key stores. Demonstrates that secrets are encrypted at rest using AES and stored as base64-encoded data in SQLite. Shows how to decrypt these values by examining the source code and using the access_key_encryption key from config.json. Emphasizes the importance of securing and backing up the config.json file since it contains the encryption keys needed to decrypt all stored secrets.
Sort: