Commit Graph

2 Commits

Author SHA1 Message Date
Lawrence Liu 6bdb26cd58 security(crypto): remove master key from log output to prevent leakage (#753) 2025-11-08 17:01:16 +08:00
ZhouYongyou feeaa14050 feat(security): add end-to-end encryption for sensitive data
## Summary
Add comprehensive encryption system to protect private keys and API secrets.
## Core Components
- `crypto/encryption.go`: RSA-4096 + AES-256-GCM encryption manager
- `crypto/secure_storage.go`: Database encryption layer + audit logs
- `crypto/aliyun_kms.go`: Optional Aliyun KMS integration
- `api/crypto_handler.go`: Encryption API endpoints
- `web/src/lib/crypto.ts`: Frontend two-stage encryption
- `scripts/migrate_encryption.go`: Data migration tool
- `deploy_encryption.sh`: One-click deployment
## Security Architecture
```
Frontend: Two-stage input + clipboard obfuscation
    ↓
Transport: RSA-4096 + AES-256-GCM hybrid encryption
    ↓
Storage: Database encryption + audit logs
```
## Features
- Zero breaking changes (backward compatible)
- Automatic migration of existing data
- <25ms overhead per operation
- Complete audit trail
- Optional cloud KMS support
## Migration
```bash
./deploy_encryption.sh  # 5 minutes, zero downtime
```
## Testing
```bash
go test ./crypto -v
```
Related-To: security-enhancement
2025-11-06 23:55:33 +08:00