From 86d473c77909ac5ba7ac6670f2d86ed84f60b48d Mon Sep 17 00:00:00 2001
From: kisfenyo
Date: Sat, 13 Jun 2026 10:20:36 +0200
Subject: [PATCH] adventurelog: mark SECRET_KEY as data_key (fail-closed restore annotation)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SECRET_KEY ("Titkosítási kulcs") is a data-encrypting key — regenerating it on restore would render stored data unreadable. data_key:true makes the controller recover it from the guest's own app.yaml (live/PBS) and fail closed if it can't, rather than ever regenerating. Pairs with controller v0.53.0.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 templates/adventurelog/.felhom.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/templates/adventurelog/.felhom.yml b/templates/adventurelog/.felhom.yml
index d1d1dcd..9980b4e 100644
--- a/templates/adventurelog/.felhom.yml
+++ b/templates/adventurelog/.felhom.yml
@@ -37,6 +37,11 @@ deploy_fields:
 type: secret
 generate: "hex:32"
 locked_after_deploy: true
+ # Data-encrypting key: the app secures stored data with it, so it must NOT be regenerated on
+ # restore (that would render restored data unreadable). The recovery unit stays secret-free; at
+ # restore the controller recovers this key from the guest's own app.yaml (live, or via the PBS
+ # whole-guest snapshot) and FAILS CLOSED (refuse + warn) if it cannot — never silently restores.
+ data_key: true
 - env_var: DB_PASSWORD
 label: "Adatbázis jelszó"
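Review bot: The fail-closed behaviour promised in the new comment above `data_key: true` holds only if the controller reading this template recognises the key. The description pairs it with controller v0.53.0, and an older controller would presumably ignore the unknown field and fall back to `generate: "hex:32"` on restore. I would record that dependency in the comment itself, for example `# Requires controller >= v0.53.0; older controllers do not honour data_key.`, and confirm how an older controller treats the field. The comment's closing words "never silently restores" are also ambiguous next to the commit message; `never silently regenerates the key` says what is meant. The deploy_fields entry starts above the hunk, so the field's env_var and label are taken from the commit description rather than from visible lines.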