mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-01-09 01:17:56 -05:00
🚀 Feature: Encrypt private key saved to DB #132
Closed
opened 2025-07-08 08:40:40 -04:00 by AtHeartEngineer
·
0 comments
No Branch/Tag Specified
main
feat/kyles-pagination-attempt
i18n_crowdin
feat/self-host-icons
feat/pagination-improvements
slog-gorm
v1.11.2
v1.11.1
v1.11.0
v1.10.0
v1.9.1
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.0
v1.4.1
v1.4.0
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.0
v0.53.0
v0.52.0
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.0
v0.45.0
v0.44.0
v0.43.1
v0.43.0
v0.42.1
v0.42.0
v0.41.0
v0.40.1
v0.40.0
v0.39.0
v0.38.0
v0.37.0
v0.36.0
v0.35.6
v0.35.5
v0.35.4
v0.35.3
v0.35.2
v0.35.1
v0.35.0
v0.34.0
v0.33.0
v0.32.0
v0.31.0
v0.30.0
v0.29.0
v0.28.1
v0.28.0
v0.27.2
v0.27.1
v0.27.0
v0.26.0
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.0
v0.22.0
v0.21.0
v0.20.1
v0.20.0
v0.19.0
v0.18.0
v0.17.0
v0.16.0
v0.15.0
v0.14.0
v0.13.1
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.0
v0.8.1
v0.8.0
v0.7.1
v0.7.0
v0.6.0
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.1
v0.4.0
v0.3.1
v0.3.0
v0.2.1
v0.2.0
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels
breaking
breaking
breaking
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
bug
dependencies
dependencies
dependencies
dependencies
dependencies
dependencies
dependencies
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
go
go
javascript
javascript
javascript
javascript
javascript
javascript
needs more upvotes
needs more upvotes
needs more upvotes
needs more upvotes
needs more upvotes
needs more upvotes
open to pull requests
open to pull requests
open to pull requests
open to pull requests
open to pull requests
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
AtHeartEngineer
Clear assignees
AtHeartEngineer
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github/pocket-id#132
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @ItalyPaleAle on 5/28/2025
Feature description
The private key is currently stored on disk un-encrypted. Anyone with access to the file system can get the "keys to the kingdom".
The private key could optionally be encrypted when stored to disk. The decryption key is provided to Pocket ID via env vars (e.g.
ENCRYPTION_KEY) or with the name of another file containing the key (ENCRYPTION_KEY_FILE).This allows also using a command to retrieve the key encryption key, e.g. to fetch it from a vault of some sort.
Pitch
Data stored on disk is not always safe and can be leaked or stolen by malicious code. Encrypting the private key is a simple and effective way to keep the "keys to the kingdom" safe.