bollwerk/server
Jens Reinemann 90cfac70a0 feat: column-level encryption at rest with AES-256-GCM (#98)
- Add EncryptionService (AES-256-GCM) with passthrough when no key set
- Flyway V3: enable pgcrypto extension + widen name columns to TEXT
- DatabaseFactory: init EncryptionService from BOLLWERK_DB_ENCRYPTION_KEY,
  run migrateEncryptData() to encrypt existing plaintext rows on startup
- InventoryRepository: encrypt on write, decrypt on read for
  items.name, items.notes, categories.name, locations.name, settings.value
- MessageRepository: encrypt body on write, decrypt on read
- docker-compose.yml: document BOLLWERK_DB_ENCRYPTION_KEY env var
- docker-compose-vps.yml: pass BOLLWERK_DB_ENCRYPTION_KEY from .env
- .env.example: add key generation template
- .gitignore: add .env to ignore list

Closes #98
2026-05-17 22:17:10 +02:00
..
data chore: rework logo, new rat with lamellar armor & cartridge belt 2026-05-17 17:14:11 +02:00
keys rename: Krisenvorrat -> Bollwerk 2026-05-17 17:44:02 +02:00
src feat: column-level encryption at rest with AES-256-GCM (#98) 2026-05-17 22:17:10 +02:00
build.gradle.kts feat: Migration-Safety – Room v7, AutoMigration, Flyway, no fallbackToDestructiveMigration (#99) 2026-05-17 21:17:24 +02:00