Fix database encryption write operations and initialization
This commit fixes critical issues with the database encryption system: **Database Write Operations Fixed:** - Modified credential creation/update operations to use EncryptedDBOperations - Fixed SSH data and credential access to properly decrypt data - All sensitive data writes now go through encryption layer **Database Schema Migration:** - Added missing columns (private_key, public_key, detected_key_type) to ssh_credentials table - Fixed "no such column" SQLite errors during encrypted operations **Application Startup Order:** - Fixed DatabaseEncryption initialization timing issues - Moved encryption-dependent modules to load after encryption initialization - Prevents "DatabaseEncryption not initialized" errors **Key Management Improvements:** - Enhanced EncryptedDBOperations.insert() to return properly decrypted data with all fields - Fixed TypeScript type issues with database insert operations - Improved error handling for database encryption context All credential operations now properly encrypt sensitive data including SSH keys, passwords, and authentication tokens before writing to database.
@@ -373,7 +373,47 @@
|
||||
"deleteUser": "Delete user {{username}}? This cannot be undone.",
|
||||
"userDeletedSuccessfully": "User {{username}} deleted successfully",
|
||||
"failedToDeleteUser": "Failed to delete user",
|
||||
"overrideUserInfoUrl": "Override User Info URL (not required)"
|
||||
"overrideUserInfoUrl": "Override User Info URL (not required)",
|
||||
"databaseSecurity": "Database Security",
|
||||
"encryptionStatus": "Encryption Status",
|
||||
"enabled": "Enabled",
|
||||
"disabled": "Disabled",
|
||||
"keyId": "Key ID",
|
||||
"created": "Created",
|
||||
"migrationStatus": "Migration Status",
|
||||
"migrationCompleted": "Migration completed",
|
||||
"migrationRequired": "Migration required",
|
||||
"deviceProtectedMasterKey": "Device-Protected Master Key",
|
||||
"legacyKeyStorage": "Legacy Key Storage",
|
||||
"masterKeyEncryptedWithDeviceFingerprint": "Master key encrypted with device fingerprint (KEK protection active)",
|
||||
"keyNotProtectedByDeviceBinding": "Key not protected by device binding (upgrade recommended)",
|
||||
"valid": "Valid",
|
||||
"initializeDatabaseEncryption": "Initialize Database Encryption",
|
||||
"enableAes256EncryptionWithDeviceBinding": "Enable AES-256 encryption with device-bound master key protection. This creates enterprise-grade security for SSH keys, passwords, and authentication tokens.",
|
||||
"featuresEnabled": "Features enabled:",
|
||||
"aes256GcmAuthenticatedEncryption": "AES-256-GCM authenticated encryption",
|
||||
"deviceFingerprintMasterKeyProtection": "Device fingerprint master key protection (KEK)",
|
||||
"pbkdf2KeyDerivation": "PBKDF2 key derivation with 100K iterations",
|
||||
"automaticKeyManagement": "Automatic key management and rotation",
|
||||
"initializing": "Initializing...",
|
||||
"initializeEnterpriseEncryption": "Initialize Enterprise Encryption",
|
||||
"migrateExistingData": "Migrate Existing Data",
|
||||
"encryptExistingUnprotectedData": "Encrypt existing unprotected data in your database. This process is safe and creates automatic backups.",
|
||||
"testMigrationDryRun": "Test Migration (Dry Run)",
|
||||
"migrating": "Migrating...",
|
||||
"migrateData": "Migrate Data",
|
||||
"securityInformation": "Security Information",
|
||||
"sshPrivateKeysEncryptedWithAes256": "SSH private keys and passwords are encrypted with AES-256-GCM",
|
||||
"userAuthTokensProtected": "User authentication tokens and 2FA secrets are protected",
|
||||
"masterKeysProtectedByDeviceFingerprint": "Master encryption keys are protected by device fingerprint (KEK)",
|
||||
"keysBoundToServerInstance": "Keys are bound to this specific server instance",
|
||||
"pbkdf2HkdfKeyDerivation": "PBKDF2 + HKDF key derivation with 100K iterations",
|
||||
"backwardCompatibleMigration": "All data remains backward compatible during migration",
|
||||
"enterpriseGradeSecurityActive": "Enterprise-Grade Security Active",
|
||||
"masterKeysProtectedByDeviceBinding": "Your master encryption keys are protected by device fingerprint binding. This means even if someone gains access to your database files, they cannot decrypt the data without physical access to this server.",
|
||||
"important": "Important",
|
||||
"keepEncryptionKeysSecure": "Keep your encryption keys secure. Loss of encryption keys will result in permanent data loss. Regular backups are recommended.",
|
||||
"loadingEncryptionStatus": "Loading encryption status..."
|
||||
},
|
||||
"hosts": {
|
||||
"title": "Host Manager",
|
||||
|
||||
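Review bot: The text of `masterKeysProtectedByDeviceBinding` tells administrators that someone holding the database files "cannot decrypt the data without physical access to this server", which a device-fingerprint KEK does not obviously guarantee. The derivation is not visible in this hunk, but if the fingerprint is built from host attributes, anyone who can read those attributes or a full-system backup can rebuild it without physical access. I would state only the property actually provided, for example `"Database files copied off this server cannot be decrypted without the key material derived on this server."`, and document beside the key-derivation code which inputs form the fingerprint. `pbkdf2KeyDerivation` and `pbkdf2HkdfKeyDerivation` also describe the KDF in two different ways and hard-code "100K iterations" in UI copy, so the screen will misreport the work factor once the constant changes; use an interpolated `{{iterations}}` value, as `{{username}}` is used above, or drop the number. The zh hunk that follows carries the same three strings and needs the same change.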
@@ -359,7 +359,47 @@
|
||||
"failedToRemoveAdminStatus": "移除管理员权限失败",
|
||||
"userDeletedSuccessfully": "用户 {{username}} 删除成功",
|
||||
"failedToDeleteUser": "删除用户失败",
|
||||
"overrideUserInfoUrl": "覆盖用户信息 URL(非必填)"
|
||||
"overrideUserInfoUrl": "覆盖用户信息 URL(非必填)",
|
||||
"databaseSecurity": "数据库安全",
|
||||
"encryptionStatus": "加密状态",
|
||||
"enabled": "已启用",
|
||||
"disabled": "已禁用",
|
||||
"keyId": "密钥 ID",
|
||||
"created": "创建时间",
|
||||
"migrationStatus": "迁移状态",
|
||||
"migrationCompleted": "迁移完成",
|
||||
"migrationRequired": "需要迁移",
|
||||
"deviceProtectedMasterKey": "设备保护主密钥",
|
||||
"legacyKeyStorage": "传统密钥存储",
|
||||
"masterKeyEncryptedWithDeviceFingerprint": "主密钥已通过设备指纹加密(KEK 保护已激活)",
|
||||
"keyNotProtectedByDeviceBinding": "密钥未受设备绑定保护(建议升级)",
|
||||
"valid": "有效",
|
||||
"initializeDatabaseEncryption": "初始化数据库加密",
|
||||
"enableAes256EncryptionWithDeviceBinding": "启用具有设备绑定主密钥保护的 AES-256 加密。这为 SSH 密钥、密码和身份验证令牌创建企业级安全保护。",
|
||||
"featuresEnabled": "启用的功能:",
|
||||
"aes256GcmAuthenticatedEncryption": "AES-256-GCM 认证加密",
|
||||
"deviceFingerprintMasterKeyProtection": "设备指纹主密钥保护 (KEK)",
|
||||
"pbkdf2KeyDerivation": "PBKDF2 密钥推导(10万次迭代)",
|
||||
"automaticKeyManagement": "自动密钥管理和轮换",
|
||||
"initializing": "初始化中...",
|
||||
"initializeEnterpriseEncryption": "初始化企业级加密",
|
||||
"migrateExistingData": "迁移现有数据",
|
||||
"encryptExistingUnprotectedData": "加密数据库中现有的未保护数据。此过程安全可靠,会自动创建备份。",
|
||||
"testMigrationDryRun": "测试迁移(演习模式)",
|
||||
"migrating": "迁移中...",
|
||||
"migrateData": "迁移数据",
|
||||
"securityInformation": "安全信息",
|
||||
"sshPrivateKeysEncryptedWithAes256": "SSH 私钥和密码使用 AES-256-GCM 加密",
|
||||
"userAuthTokensProtected": "用户认证令牌和 2FA 密钥受到保护",
|
||||
"masterKeysProtectedByDeviceFingerprint": "主加密密钥受设备指纹保护 (KEK)",
|
||||
"keysBoundToServerInstance": "密钥绑定到此特定服务器实例",
|
||||
"pbkdf2HkdfKeyDerivation": "PBKDF2 + HKDF 密钥推导(10万次迭代)",
|
||||
"backwardCompatibleMigration": "迁移过程中所有数据保持向后兼容",
|
||||
"enterpriseGradeSecurityActive": "企业级安全已激活",
|
||||
"masterKeysProtectedByDeviceBinding": "您的主加密密钥受设备指纹绑定保护。这意味着即使有人获得您的数据库文件访问权限,如果没有对此服务器的物理访问权限,他们也无法解密数据。",
|
||||
"important": "重要提示",
|
||||
"keepEncryptionKeysSecure": "请妥善保管您的加密密钥。丢失加密密钥将导致永久性数据丢失。建议定期备份。",
|
||||
"loadingEncryptionStatus": "正在加载加密状态..."
|
||||
},
|
||||
"hosts": {
|
||||
"title": "主机管理",
|
||||
|
||||