Thanks to visit codestin.com
Credit goes to github.com

Skip to content

28: encrypting credentials#27

Merged
AntonioErdeljac merged 1 commit into
mainfrom
28-encrypting-credentials
Nov 2, 2025
Merged

28: encrypting credentials#27
AntonioErdeljac merged 1 commit into
mainfrom
28-encrypting-credentials

Conversation

@AntonioErdeljac

@AntonioErdeljac AntonioErdeljac commented Nov 2, 2025
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • New Features

    • Credential values and API keys are now encrypted when stored in the system

  • Chores

    • Added cryptr encryption library as a runtime dependency

@AntonioErdeljac AntonioErdeljac merged commit 4dd4ea7 into main Nov 2, 2025
@coderabbitai

coderabbitai Bot commented Nov 2, 2025
edited
Loading

Copy link
Copy Markdown

Caution

Review failed

The pull request is closed.

Walkthrough

The PR adds end-to-end encryption for stored credentials. A new encryption module using Cryptr is introduced, credentials are encrypted when stored, and decrypted when used by AI provider executors.

Changes

Cohort / File(s) Summary
Dependency Addition
package.json		 Added cryptr v^6.4.0 as a runtime dependency
Encryption Module
src/lib/encryption.ts		 New module providing encrypt() and decrypt() functions initialized with ENCRYPTION_KEY environment variable
Credential Encryption
src/features/credentials/server/routers.ts		 Applied encryption to credential values in create and update mutations; value stored as encrypt(value)
Credential Decryption
src/features/executions/components/anthropic/executor.ts,
src/features/executions/components/gemini/executor.ts,
src/features/executions/components/openai/executor.ts		 Applied decryption to credential values when initializing AI clients; API key now sourced from decrypt(credential.value)
Minor Cleanup
src/features/executions/components/http-request/dialog.tsx		 Removed commented line referencing pending refinement

Sequence Diagram

sequenceDiagram
    participant User
    participant Storage as Credential Storage
    participant Executor as AI Executor
    
    User->>Storage: Create/Update Credential (plain value)
    Storage->>Storage: encrypt(value)
    Storage->>Storage: Store encrypted value
    
    Executor->>Storage: Fetch Credential
    Storage->>Executor: Return encrypted value
    Executor->>Executor: decrypt(credential.value)
    Executor->>Executor: Initialize AI Client with decrypted key
    Executor->>Executor: Execute request
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify ENCRYPTION_KEY environment variable is properly configured and documented
  • Confirm encryption is consistently applied to all sensitive credential types
  • Check that decrypt failures are handled gracefully in executor components

Poem

🐰 Secrets now bundled tight and snug,
Cryptr gives them a cozy hug,
Store them locked, unlock when needed,
API keys stay safe and heeded! πŸ”

✨ Finishing touches
  • πŸ“ Generate docstrings
πŸ§ͺ Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch 28-encrypting-credentials
πŸ“œ Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

πŸ“₯ Commits

Reviewing files that changed from the base of the PR and between f098040 and f9fc483.

β›” Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
πŸ“’ Files selected for processing (7)
  • package.json (1 hunks)
  • src/features/credentials/server/routers.ts (3 hunks)
  • src/features/executions/components/anthropic/executor.ts (2 hunks)
  • src/features/executions/components/gemini/executor.ts (2 hunks)
  • src/features/executions/components/http-request/dialog.tsx (0 hunks)
  • src/features/executions/components/openai/executor.ts (2 hunks)
  • src/lib/encryption.ts (1 hunks)

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AntonioErdeljac