gilles/system_update
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: chiffrement AES-256-GCM des secrets + lecture env

Browse Source 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
gilles soulier
2026-06-04 20:58:04 +02:00
parent a3f728b5ba
commit feb136ffc1
3 changed files with 64 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/crypto/secrets.test.ts
+23
View File
@@ -0,0 +1,23 @@
// server/crypto/secrets.test.ts
import { describe, it, expect } from "vitest";
import { encryptSecret, decryptSecret } from "./secrets.js";
const KEY = "a".repeat(64); // 32 octets en hex
describe("secrets", () => {
it("round-trip encrypt/decrypt restitue le texte clair", () => {
const blob = encryptSecret("hunter2", KEY);
expect(blob).not.toContain("hunter2");
expect(decryptSecret(blob, KEY)).toBe("hunter2");
});
it("produit un blob différent à chaque chiffrement (IV aléatoire)", () => {
expect(encryptSecret("x", KEY)).not.toBe(encryptSecret("x", KEY));
});
it("échoue si le blob a été altéré (tag GCM)", () => {
const blob = encryptSecret("secret", KEY);
const tampered = blob.slice(0, -2) + (blob.endsWith("a") ? "b" : "a");
expect(() => decryptSecret(tampered, KEY)).toThrow();
});
});