SMTP Passwords in Cleartext

[benichmt1]

When I was setting up SMTP, I noticed that the SMTP password was accessible in the clear. I see that this was discussed in a previous issue to change it from type=password to type=text: #954

I would be concerned from a security perspective if someone got access to my BTCPay Server web portal and used my GSuite / Office365 credentials within to pivot further.

Suggestion

Here's an example of how Grafana handles the same thing:

You're still able to update and test a new password, but you're not able to read what the previous password was unless you actually look in the database. Essentially the password field in Grafana is populated with a placeholder if you go to view it within the web UI.

In our BTCPay scenario, I suppose someone with access could just add their SSH key but I would hope that a security-conscious administrator would harden or restrict SSH access before going live to production.