Add encrypted plugin settings support #8

Merged: dewitt4 merged 1 commit into main from feature/plugin-settings on Apr 4, 2026

@dewitt4 dewitt4 commented Apr 4, 2026

Introduce AES-256-GCM encryption for sensitive plugin settings.

Changes:
- Add PLUGIN_SETTINGS_ENCRYPTION_KEY to .env.example and instruct how to generate it.
- New engine/plugin-settings-crypto.ts with encrypt/decrypt helpers (format: enc:<iv>:<authTag>:<ciphertext>) and runtime validation of the key.
- PluginManager and InstalledPluginsService now detect manifest setting definitions with encrypted: true and encrypt values on save.
- InstalledPluginsService.getSettingsForContext added to return decrypted settings for plugin runtime, with graceful fallback on decryption errors.
- SDK types updated to include encrypted?: true in plugin setting definitions.

Why: Protect sensitive configuration (API keys, secrets) stored in plugin settings while allowing gradual migration of existing plaintext values.

dewitt4 self-assigned this Apr 4, 2026
dewitt4 added the enhancement label Apr 4, 2026
dewitt4 merged commit 76e35b4 into main Apr 4, 2026
4 checks passed
dewitt4 deleted the feature/plugin-settings branch April 4, 2026 19:51
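
An added TypeScript sketch of the scheme the PR description outlines (not the project's engine/plugin-settings-crypto.ts, which is not shown on this page): AES-256-GCM with the `enc:<iv>:<authTag>:<ciphertext>` layout, runtime key validation, and pass-through of unmigrated plaintext values. The hex encoding of the key and of each segment, the 12-byte IV, the function names, and returning `undefined` as the decryption fallback are assumptions.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

const PREFIX = "enc:"; // stored format from the PR: enc:<iv>:<authTag>:<ciphertext>
const IV_BYTES = 12;   // 96-bit nonce, the size GCM is specified for
const TAG_BYTES = 16;  // full 128-bit authentication tag

// Runtime key validation. Assumption: the key is supplied as 64 hex characters.
function parseKey(hex: string | undefined): Buffer {
  if (!hex || !/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error("PLUGIN_SETTINGS_ENCRYPTION_KEY must be 64 hex characters (32 bytes)");
  }
  return Buffer.from(hex, "hex");
}

function encryptSetting(plaintext: string, key: Buffer): string {
  const iv = randomBytes(IV_BYTES); // fresh nonce per value; never reuse with the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return PREFIX + [iv, cipher.getAuthTag(), ct].map((b) => b.toString("hex")).join(":");
}

// Values without the prefix are treated as not-yet-migrated plaintext.
function decryptSetting(stored: string, key: Buffer): string {
  if (!stored.startsWith(PREFIX)) return stored;
  const parts = stored.slice(PREFIX.length).split(":");
  if (parts.length !== 3 || parts.some((p) => !/^([0-9a-f]{2})*$/i.test(p))) {
    throw new Error("malformed encrypted setting");
  }
  const [iv, tag, ct] = parts.map((p) => Buffer.from(p, "hex")) as [Buffer, Buffer, Buffer];
  // Enforce exact lengths so a shortened tag is rejected before decryption.
  if (iv.length !== IV_BYTES || tag.length !== TAG_BYTES) {
    throw new Error("unexpected IV or tag length");
  }
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the tag does not verify (wrong key or modified data).
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Fallback on failure: omit the value instead of handing ciphertext to the plugin.
function readSetting(stored: string, key: Buffer): string | undefined {
  try {
    return decryptSetting(stored, key);
  } catch {
    return undefined;
  }
}
```

Logging the setting name (never the value) when `readSetting` returns `undefined` makes key rotation mistakes and modified rows visible instead of silently dropping a secret.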