I am new to installing Discourse, and recently set it up on a Digital Ocean Droplet for us as our company forum/community page.
During the install, I noticed the SMTP password entry is not protected, and it is stored as plain text in the app.yml file.
That seems like a potential security issue. However, I am not a networking/security expert, so this may be just fine for a number of reasons. But in order to keep our IT Manager happy, it would help me if I can better understand why it’s done this way.
I know Discourse is widely used by many companies, so I suspect that this topic has been sufficiently addressed already.
Any help is appreciated.