changelog/10.10.0_2022-05-16/39935
Change: Private keys for SFTP storage will be stored in credentials table
Previously, both private and public keys were part of the configuration of
the SFTP mount point. Although encrypted, there were some scenarios where
the private key could be visible.
The following changes have been implemented:
* The private key will never leave the ownCloud server.
* The private key will be stored encrypted inside the oc_credentials table.
* A random token will be created to refer to the private key. This token
will be part of the SFTP mount point configuration.
* The public key will be treated as a normal configuration parameter. This
means that it won't be neither encrypted nor encoded in any way.
The overall behavior remains the same. ownCloud will generate a key pair, whose public key will need to be placed in the SFTP server.
https://github.com/owncloud/core/pull/39935