Merged
12 changes: 12 additions & 0 deletions docs/vendor/vendor-password-integrity.mdx
@@ -0,0 +1,12 @@
# Vendor Password Integrity

This topic describes how Replicated stores your Vendor Portal account password.

## Vendor Portal Account Password

Replicated stores your account password as a bcrypt hash with a cost parameter of 10. This is a non-reversible method that ensures that nobody can view your plain text password.

When you log in, your password is sent to our servers where we calculate a bcrypt hash of the entered password and compare that to the hash we have stored in our database. If these match, access to your account is granted and you are logged in.

The only time we have access to your plain text password is at login and when you change or update your password. During this time, we also calculate a separate, non-reversible hash of your password and [compare it to a list of password hashes](https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/) that are known to have been compromised from other providers. If your password hash is on this list, we will alert you with a banner and a warning. We recommend that you change your password to a securely generated password, preferably one that is not re-used or shared on other sites. We never send your password or the full hash of your password to anyone, including when checking if your password has been compromised.

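Review bot: The breach-check paragraph ends with "We never send your password or the full hash of your password to anyone", which implies that some part of the hash does leave your servers, but the text never says what is sent or to whom. Since the paragraph already links the k-anonymity write-up, say explicitly what is transmitted (for example, only a short prefix of the hash, if that is how the check is implemented) and name the hash function behind the "separate, non-reversible hash". In the login paragraph, "we calculate a bcrypt hash of the entered password and compare that to the hash we have stored" would be more accurate if it said the entered password is verified against the stored bcrypt hash using the salt stored with it, because a freshly salted bcrypt hash would not match by direct comparison.
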
2 changes: 2 additions & 0 deletions docs/vendor/vendor-portal-creating-account.md
Expand Up @@ -41,6 +41,8 @@ To create a vendor account:
Replicated recommends that you use a temporary application name for testing because you are not able to restore or modify previously-used application names or application slugs in the Vendor Portal.
:::

For more information on how Replicated stores your username and password information, see [Vendor Portal Account Password Integrity](/vendor/vendor-password-integrity).

## Next Step

Invite team members to collaborate with you in Vendor Portal. See [Invite Members](team-management#invite-members).
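Review bot: The added sentence promises "how Replicated stores your username and password information", but the page it links to only describes password storage, and the link text "Vendor Portal Account Password Integrity" does not match that page's title, "Vendor Password Integrity". Either drop "username and" from the sentence or cover username handling in the new topic, and align the link text with the title. The sentence also sits directly after the admonition about application names, so a short lead-in or moving it next to the step where the password is set would make the connection clearer.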
1 change: 1 addition & 0 deletions sidebars.js
Expand Up @@ -878,6 +878,7 @@ const sidebars = {
href: 'https://www.replicated.com/security/'
},
'enterprise/sbom-validating',
'vendor/vendor-password-integrity',
'vendor/replicated-sdk-slsa-validating',
],
},