stack

Files

Jason Woltje 9caaf91ecc fix(#280 ): Prevent encryption key exposure via logging

Enhanced logging security in crypto service to prevent potential key material leakage:
- Removed error object from logger.error() calls to prevent stack trace leakage
- Use generic error messages without sensitive details
- Constructor already validates key without exposing it in errors
- Added comprehensive tests to verify error messages don't contain key material

Security Impact:
- Prevents encryption key exposure through error logs
- Prevents stack traces that might contain sensitive crypto operation details
- All error messages are now generic and safe

Test Coverage:
- 18 tests covering all encryption/decryption scenarios
- Tests verify error messages don't expose key values
- Tests cover various invalid key formats (wrong length, non-hex, empty)

Files changed:
- apps/api/src/federation/crypto.service.ts (logging improvements)
- apps/api/src/federation/crypto.service.spec.ts (comprehensive test coverage)

Fixes #280

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-03 20:50:23 -06:00

qa-automation

fix(#280 ): Prevent encryption key exposure via logging

2026-02-03 20:50:23 -06:00

issue-140-verification.md

docs(orchestration): M4.1-Coordinator autonomous execution report

2026-02-01 18:17:59 -06:00

m4.1-final-status.md

docs(orchestration): ALL FIVE PHASES COMPLETE - Milestone near completion

2026-02-01 20:46:38 -06:00

m4.1-orchestration-plan.md

docs(orchestration): M4.1-Coordinator autonomous execution report