Migrating a Business to Linux — 8
Another challenge encountered in our migration at work is the way NetworkManager (NM) saves connection data. NM is designed to store all connections. To my knowledge there is no way to set the default configuration to not save connections or set the default to treat connections as session-only.
Frequently we connect to customer devices with these laptops, both in the field and at the office with the bench laptop. Commonly we test and reconfigure customer routers. Every time we test these devices NM stores the connection information.
Unless NM is configured to use the GNOME keyring, the credentials are stored in clear text.
We do not want to store customer credentials in clear text. We do not want to permanently store customer connections. At all.
As I know of no way to prevent storing all connections, I had to write a shell script to scrub these customer connection configurations.
NM is not well designed. Hashing credentials would resolve serious security issues. Allowing users to not store connections as the default setting would avoid storing hundreds of unwanted connections.