The Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file, leaving the possibility of an malicious actor with permissions to access this file to gain access to Quay's Redis instance.