Problem
FileKeyProvider::write_secure (stores/file.rs:227-254) writes files atomically via tokio::fs::write but does not fsync the file or its parent directory. A crash between write and OS flush could leave stale or empty files on disk (admin.token, auth.jwk, jwks.json), risking boot lockout.
Proposed fix
Add fsync (via File::sync_all) to write_secure after writing the file, and optionally fsync the parent directory for metadata durability.
Context
Surfaced during review of #324. Pre-existing across all file writes in the auth store.
Problem
FileKeyProvider::write_secure(stores/file.rs:227-254) writes files atomically viatokio::fs::writebut does notfsyncthe file or its parent directory. A crash between write and OS flush could leave stale or empty files on disk (admin.token,auth.jwk,jwks.json), risking boot lockout.Proposed fix
Add
fsync(viaFile::sync_all) towrite_secureafter writing the file, and optionally fsync the parent directory for metadata durability.Context
Surfaced during review of #324. Pre-existing across all file writes in the auth store.