cast-ghl-plugin

CAST/cast-ghl-plugin

Fork 0

Commit Graph

Author	SHA1	Message	Date
Head of Product & Engineering	4d8e1eb352	feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details - Add internal/crypto package: AES-256-GCM encrypt/decrypt with migration passthrough for existing plain-text records (no "enc:" prefix = plain text) - Store.NewStoreWithCipher injects cipher; SaveToken/UpdateLocationConfig encrypt cast_api_key before write; GetToken/ListTokens decrypt on read - Add CREDENTIALS_ENCRYPTION_KEY env var (64-hex / 32-byte); warns if unset - Add MongoDB authentication: MONGO_ROOT_USERNAME / MONGO_ROOT_PASSWORD via docker-compose MONGO_INITDB_ROOT_USERNAME/PASSWORD; MONGO_URI now requires credentials in .env.example - Update .env.example with generation instructions for all secrets Co-Authored-By: SideKx <sidekx.ai@sds.dev>	2026-04-06 15:27:38 +02:00

Author

SHA1

Message

Date

Head of Product & Engineering

4d8e1eb352

feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth

ci/woodpecker/push/woodpecker Pipeline was successful

Details

- Add internal/crypto package: AES-256-GCM encrypt/decrypt with migration
  passthrough for existing plain-text records (no "enc:" prefix = plain text)
- Store.NewStoreWithCipher injects cipher; SaveToken/UpdateLocationConfig
  encrypt cast_api_key before write; GetToken/ListTokens decrypt on read
- Add CREDENTIALS_ENCRYPTION_KEY env var (64-hex / 32-byte); warns if unset
- Add MongoDB authentication: MONGO_ROOT_USERNAME / MONGO_ROOT_PASSWORD via
  docker-compose MONGO_INITDB_ROOT_USERNAME/PASSWORD; MONGO_URI now requires
  credentials in .env.example
- Update .env.example with generation instructions for all secrets

Co-Authored-By: SideKx <sidekx.ai@sds.dev>

2026-04-06 15:27:38 +02:00

1 Commits