From 7f966b504b6da4656c7ea93ea1cd91f1d808b86d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Tr=C3=A1vn=C3=ADk?= Date: Mon, 1 Dec 2025 17:02:50 +0100 Subject: [PATCH] Explicit warning regarding volume secrets Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- app/server/modules/lifecycle/config-export.controller.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/server/modules/lifecycle/config-export.controller.ts b/app/server/modules/lifecycle/config-export.controller.ts index 23bf7382..e91d00cf 100644 --- a/app/server/modules/lifecycle/config-export.controller.ts +++ b/app/server/modules/lifecycle/config-export.controller.ts @@ -263,7 +263,9 @@ export const configExportController = new Hono() backupSchedulesRaw, scheduleNotifications, volumeMap, repoMap, notificationMap, params ); - // TODO: Volumes will have encrypted secrets (e.g., SMB/NFS credentials) in a future PR + // WARNING: As of now, volume exports may include sensitive data (e.g., SMB/NFS credentials) in cleartext. + // This is a known security limitation. Handle exported configuration files with care. + // Future PRs will implement encryption for these secrets. const [exportVolumes, exportRepositories, exportNotifications] = await Promise.all([ exportEntities(volumes, params), exportEntities(repositories, params),