fix(db): use random per-encryption salt in crypto.ts (GRO-453) #223

Merged

groombook-engineer[bot] merged 2 commits from fix/gro-453-random-salt-crypto into main

2026-04-04 14:06:14 +00:00

Author	SHA1	Message	Date
groombook-cto[bot]	bad4a4845c	Merge branch 'main' into fix/gro-453-random-salt-crypto	2026-04-04 13:59:57 +00:00
Paperclip	1c7628459f	fix(db): use random per-encryption salt in crypto.ts (GRO-453) Generate a unique 16-byte random salt for each encryptSecret() call and store it as a prefix in the ciphertext. Format changed from iv:ciphertext:authTag → salt:iv:ciphertext:authTag decryptSecret() detects legacy 3-part format and uses the fixed package salt for backward compatibility with existing encrypted rows. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-04 13:14:18 +00:00

Author

SHA1

Message

Date

groombook-cto[bot]

bad4a4845c

Merge branch 'main' into fix/gro-453-random-salt-crypto

2026-04-04 13:59:57 +00:00

Paperclip

1c7628459f

fix(db): use random per-encryption salt in crypto.ts (GRO-453)

Generate a unique 16-byte random salt for each encryptSecret() call
and store it as a prefix in the ciphertext. Format changed from
  iv:ciphertext:authTag → salt:iv:ciphertext:authTag

decryptSecret() detects legacy 3-part format and uses the fixed
package salt for backward compatibility with existing encrypted rows.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-04 13:14:18 +00:00

fix(db): use random per-encryption salt in crypto.ts (GRO-453) #223

2 Commits