From 0f5a6823ecf5e923a3ac955106b4d02ed81261e9 Mon Sep 17 00:00:00 2001 From: Nicolas Meienberger Date: Mon, 18 May 2026 21:14:20 +0200 Subject: [PATCH] refactor(crypto): reject encrypted values from another secret --- app/server/utils/crypto.ts | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/app/server/utils/crypto.ts b/app/server/utils/crypto.ts index 97e87e85..a310d911 100644 --- a/app/server/utils/crypto.ts +++ b/app/server/utils/crypto.ts @@ -38,7 +38,14 @@ const encrypt = async (data: string) => { } if (isEncrypted(data)) { - return data; + try { + await decrypt(data); + return data; + } catch { + throw new Error( + "You have provided an encrypted value that cannot be decrypted with the current APP_SECRET. Please use a plain text value.", + ); + } } const salt = crypto.randomBytes(16);