Commit Graph

3 Commits

Author SHA1 Message Date
Andrew B
6945b5a296 feat(security): warn when ActiveRecord encryption is not configured (#2362)
* feat(security): warn when ActiveRecord encryption is not configured

Self-hosted instances without explicit ACTIVE_RECORD_ENCRYPTION_* keys (or Rails credentials) store sensitive columns - API keys, provider/bank tokens, the MFA (TOTP) secret, and PII - unencrypted at rest. The app boots and works normally so this plaintext at rest state is easy to miss.

Change: Make it visible:
  - log a clear startup warning (config/initializers/encryption_warning.rb)
  - show a warning banner on /settings/security when encryption is unconfigured

* refactor(security): apply review feedback on encryption warning

- list the three ACTIVE_RECORD_ENCRYPTION_* keys in the banner, rendered via the DS::Alert content block to match the log
- drop the redundant respond_to?(:self_hosted?) guard in the initializer so it matches the controller check
- add a managed-mode test asserting the banner is hidden
2026-06-16 08:11:03 +02:00
Zach Gollwitzer
c05ee9b572 Remove unused settings temporarily (#1136) 2024-08-27 17:10:31 -04:00
Zach Gollwitzer
9bda7efc3f New Settings Menu, Routes and Controllers Organization (#641)
* Add new settings routes and controllers

* Add new settings view, restructure controllers and routes

* Fix lint errors
2024-04-18 07:56:51 -04:00