The encryption key must never be retrievable through the app (that would undo the whole point of TOKEN_ENCRYPTION_KEY — a stolen session/XSS could then read the master key). Instead surface a non-reversible fingerprint so operators can: - verify which key is currently active, - confirm a running instance matches the key they backed up, and - spot an accidental key change (which would make existing secrets unrecoverable). - encryptionService.keyFingerprint(): domain-separated SHA-256 prefix of the active key (env if set, else the stored DB key); never force-creates a key (returns null when none exists), shares nothing with the cipher derivation. - admin bank-sync-config exposes key_fingerprint alongside encryption_key_source. - Admin Bank Sync card renders it with backup guidance. - Test: stable per key, differs by key, not reversible / not the raw key. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| components | ||
| contexts | ||
| hooks | ||
| lib | ||
| pages | ||
| public | ||
| App.tsx | ||
| api.ts | ||
| index.css | ||
| main.tsx | ||
| types.ts | ||