All passwords for databases and Redis will be encrypted after starting server/reloading the plugin like this:

From
password: 'CfF6z$5NPhk#&lNt'

Into
password: 'doz1QI8oGMoumLJs/i9ROoZMDk3qDWHD6yVZPJFrVYQ='

For example I used AES (256bit) encryption method.
I think this is a good idea and this feature will make using the plugin more secure.

As mentioned to you several times. If you have people being able to access those files make sure they don’t have access.
If you need to consider your file system insecure you have bigger problems.

And also reversible encryption is pointless. As it can be reversed. The keys either would need to be hard coded in the plugin or stored in the file system.

• If they are in the plugin, everyone can see them. Which makes the encryption pointless.
• If they are stored on the file system you have the same issue as before.

Plugins have no responsibility to keep the data on your disk/file system safe. That is your responsibility as the admin.

This isn't nessesary as only you and, at most, some devs should have access to the config.yml.
Like BrainStone said, when people can access your config consider changing the security measures you have, like updating username and password for the file-system.

This encryption would only make stuff worse and harder to handle without any additional benefit to it.

I haven't security issues. I saw the implementation of a similar function in other plugins, which significantly protected the data.

Encrypting passwords in the config is security theather. Looks and feels like it is more secure while in reality just wasting resources.

The implementations you've seen in other plugins is different to what would be possible here.

As we've ultimately got to reverse the encryption to send the credentials off to the database, it's kinda pointless as the keys have to be stored.

What you've seen in other plugins is probably hashing, which is totally different! :)