W hen I took my first steps, it was frowned upon – and rightly so – to stay permanently logged into a system as root. To this day, the KDE graphical desktop environment displays a warning message if you so much as dare to log in as root. However, automation and orchestration were not an issue for many years, and many admins had no qualms about storing sensitive data such as passwords in plain text on disk.

It was not even standard practice to store system users' passwords in the encrypted /etc/shadow file. The "Linux Shadow Password HOWTO" guide [1] from March 1996 explained how to convert your system for the use of shadow passwords, but it took a while before shadow passwords finally became established on all Linux systems. When Debian GNU/Linux 3.0 (aka "woody") was released in 2002, it still prompted you to decide during the install whether you wanted to enable shadow passwords.

Today,storing passwords in plain text is considered an absolute no-no. Even services such as Postfix, which requires passwords to log in to an SMTP relay host can now store and read passwords in an encrypted form. Powerful tools are also available for popular automation tools such as Ansible or Puppet, making it easier to store passwords in an encrypted form and only access them at runtime. In terms of simple system security, you might think everything is looking good.

[...]