allow to encrypt keys in db, add browser-only key generator, add hints that private keys are stored on the server (#420)

2025-09-15 07:11:15 +00:00 · 2025-05-02 18:48:35 +02:00
parent dddf0c475b
commit b9c4ca04f5
15 changed files with 529 additions and 17 deletions
--- a/internal/config/database.go
+++ b/internal/config/database.go
@@ -25,4 +25,7 @@ type DatabaseConfig struct {
 	// For SQLite, it is the path to the database file.
 	// For other databases, it is the connection string, see: https://gorm.io/docs/connecting_to_the_database.html
 	DSN string `yaml:"dsn"`
+	// EncryptionPassphrase is the passphrase used to encrypt sensitive data (WireGuard keys) in the database.
+	// If no passphrase is provided, no encryption will be used.
+	EncryptionPassphrase string `yaml:"encryption_passphrase"`
 }