Pwned passwords and secrets

We are using the Have I Been Pwned (HIBP) service for detecting leaked or compromised secrets, like passwords.

If you get a warning about it, it means that you are using secrets in your configuration which have been leaked and are publicly known. It is strongly advised to change these secrets with a more secure alternative as soon as possible.

Please note; this feature does not send out your secrets to check this. Your secrets and privacy is guaranteed by a K-Anonymity. Your secrets are hashed, the first 5 characters of the hash result are used to query Have I Been Pwned. Have I Been Pwned returns the results of possible password hashes that match, we check the last part of the password hash against this list locally.

Help us to improve our documentation

Suggest an edit to this page, or provide/view feedback for this page.

Edit Provide feedback View given feedback