Skip to content

v1.4.0

Choose a tag to compare

@github-actions github-actions released this 03 Jul 16:07

Added

  • dmage rotate-key — re-encrypt every revision with a fresh Account Key (spec Appendix L).
    Client-driven, resumable after interruption, key generations tracked per blob. Requires
    dotmage-server with the rotation feature.

Security

  • Closes the documented v1 gap "a leaked Account Key decrypts all history forever":
    rotation makes old cached keys useless for anything pushed after it. Note: backups
    taken before a rotation remain decryptable by the old key — destroy or re-encrypt them
    when rotating after a device compromise.