feat(federation): seal federation peer client keys at rest (FED-M2-05) #495

Merged
jason.woltje merged 1 commit from feat/federation-m2-key-sealing-v2 into main 2026-04-22 03:10:20 +00:00

Author SHA1 Message Date
Jarvis
733f3b6611 feat(federation): seal federation peer client keys at rest (FED-M2-05)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
- Add packages/auth/src/seal.ts: shared AES-256-GCM seal/unseal using BETTER_AUTH_SECRET
- Export seal/unseal from @mosaicstack/auth index
- Refactor provider-credentials.service.ts to import seal/unseal from @mosaicstack/auth
- Add apps/gateway/src/federation/peer-key.util.ts: sealClientKey/unsealClientKey wrappers
- Add peer-key.spec.ts with 5 vitest tests (round-trip, non-determinism, at-rest, tamper, missing secret)
- Document key rotation deferred procedure in docs/federation/SETUP.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 22:02:59 -05:00
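
The sealing pattern named in the commit message, as an added example that is not the project's `seal.ts`: AES-256-GCM with a fresh nonce per call, checked for round-trip, non-determinism, opacity at rest, tamper rejection and a missing secret. The HKDF key derivation, the `nonce | tag | ciphertext` base64 layout, the `selfCheck` helper and all sample values are assumptions of this example.

```typescript
import { createCipheriv, createDecipheriv, hkdfSync, randomBytes } from "node:crypto";

const IV_LEN = 12; // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16; // 128-bit authentication tag

// Assumption: HKDF-SHA256 turns the secret into a 32-byte AES-256 key.
function deriveKey(secret: string | undefined): Buffer {
  if (!secret) throw new Error("BETTER_AUTH_SECRET is not set");
  return Buffer.from(hkdfSync("sha256", secret, Buffer.alloc(0), "example-seal-v1", 32));
}

// Returns base64(nonce | tag | ciphertext); the layout is this example's choice.
function seal(plaintext: string, secret: string | undefined = process.env.BETTER_AUTH_SECRET): string {
  const key = deriveKey(secret);
  const iv = randomBytes(IV_LEN); // fresh nonce per call: never reuse one under the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function unseal(sealed: string, secret: string | undefined = process.env.BETTER_AUTH_SECRET): string {
  const key = deriveKey(secret);
  const buf = Buffer.from(sealed, "base64");
  if (buf.length < IV_LEN + TAG_LEN) throw new Error("sealed value too short");
  const decipher = createDecipheriv("aes-256-gcm", key, buf.subarray(0, IV_LEN), { authTagLength: TAG_LEN });
  decipher.setAuthTag(buf.subarray(IV_LEN, IV_LEN + TAG_LEN));
  // final() throws if the tag does not verify, so tampered data never decrypts.
  return Buffer.concat([decipher.update(buf.subarray(IV_LEN + TAG_LEN)), decipher.final()]).toString("utf8");
}

// Hypothetical helper: checks the sealing properties on a constructed sample key.
function selfCheck(secret: string) {
  const pem = "-----BEGIN PRIVATE KEY-----\nconstructed-sample\n-----END PRIVATE KEY-----";
  const a = seal(pem, secret);
  const b = seal(pem, secret);
  const raw = Buffer.from(a, "base64");
  const opaqueAtRest = !raw.includes("constructed-sample") && !a.includes("PRIVATE KEY");
  raw.writeUInt8(raw.readUInt8(raw.length - 1) ^ 0x01, raw.length - 1); // flip one ciphertext bit
  let tamperRejected = false;
  try { unseal(raw.toString("base64"), secret); } catch { tamperRejected = true; }
  return { roundTrip: unseal(a, secret) === pem, nonDeterministic: a !== b, opaqueAtRest, tamperRejected };
}
```

A stored value that fails to unseal after the secret changes is expected behaviour with this construction, which is why rotation needs a re-seal step of the kind the commit defers to docs/federation/SETUP.md.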