admin/app-catalog-felhom.eu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adventurelog: mark SECRET_KEY as data_key (fail-closed restore annotation)

Browse Source 
SECRET_KEY ("Titkosítási kulcs") is a data-encrypting key — regenerating it on
restore would render stored data unreadable. data_key:true makes the controller
recover it from the guest's own app.yaml (live/PBS) and fail closed if it can't,
rather than ever regenerating. Pairs with controller v0.53.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
authentik Default Admin
2026-06-13 10:20:36 +02:00
parent 7e6223190b
commit 86d473c779
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
templates/adventurelog/.felhom.yml
+5
View File
@@ -37,6 +37,11 @@ deploy_fields:
type: secret type: secret
generate: "hex:32" generate: "hex:32"
locked_after_deploy: true locked_after_deploy: true
# Data-encrypting key: the app secures stored data with it, so it must NOT be regenerated on
# restore (that would render restored data unreadable). The recovery unit stays secret-free; at
# restore the controller recovers this key from the guest's own app.yaml (live, or via the PBS
# whole-guest snapshot) and FAILS CLOSED (refuse + warn) if it cannot — never silently restores.
data_key: true
- env_var: DB_PASSWORD - env_var: DB_PASSWORD
label: "Adatbázis jelszó" label: "Adatbázis jelszó"