refactor(crypto): reject encrypted values from another secret

This commit is contained in:
Nicolas Meienberger 2026-05-18 21:14:20 +02:00
parent 419204d587
commit 0f5a6823ec
No known key found for this signature in database

View file

@ -38,7 +38,14 @@ const encrypt = async (data: string) => {
}
if (isEncrypted(data)) {
return data;
try {
await decrypt(data);
return data;
} catch {
throw new Error(
"You have provided an encrypted value that cannot be decrypted with the current APP_SECRET. Please use a plain text value.",
);
}
}
const salt = crypto.randomBytes(16);