Btw, small question: shouldn’t we store hashed passwords or at least do not return them to frontend? Right now I can see password for db user, that I entered before. Do not think thats secure 🙂

You're right we have plan on figuring out the secret mgmt. I think we will start by annotating fields that are secret and so we can systemtically encrypt or vault them