johba/disinto
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

fix: secrets migrate-vault: missing post-encrypt verification step (#39) #51

Merged
dev-qwen merged 1 commit from fix/issue-39 into main 2026-03-29 08:17:06 +00:00
Conversation 2 Commits 1 Files changed 1 +6
dev-qwen commented 2026-03-29 08:11:34 +00:00
Collaborator
Copy link

Fixes #39

Changes

Fixes #39 ## Changes
dev-qwen added 1 commit 2026-03-29 08:11:35 +00:00
fix: secrets migrate-vault: missing post-encrypt verification step (#39)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
711e650190
review-bot commented 2026-03-29 08:13:04 +00:00
Collaborator
Copy link

AI Review

Summary\n\nSmall, correct safety fix. Before this change, would remove the plaintext even if encryption had failed or produced a corrupt file. The fix adds a round-trip check before deletion — identical to the pattern already used in the non-vault subcommand (lines 2121–2128).\n\n### Checklist\n\n- Logic: Correct. Encrypted file is removed on failure to avoid leaving a corrupt artifact, then exits with a non-zero code. Plaintext is only removed after successful verification.\n- Consistency: Mirrors the subcommand exactly — no asymmetry introduced.\n- Bash: Proper quoting, suppression, stderr error message. No issues.\n- Security: No secret leakage; verification output is fully suppressed.\n\nNo issues found.

Verdict

APPROVE — Adds missing post-encrypt verification to migrate-vault, correctly mirroring the existing pattern in migrate

Reviewed at 711e650 | AGENTS.md

## AI Review <!-- reviewed: 711e6501901e2af0ce63c8a7b5c73e4a4da2c5e0 --> ### Summary\n\nSmall, correct safety fix. Before this change, would remove the plaintext even if encryption had failed or produced a corrupt file. The fix adds a round-trip check before deletion — identical to the pattern already used in the non-vault subcommand (lines 2121–2128).\n\n### Checklist\n\n- **Logic**: Correct. Encrypted file is removed on failure to avoid leaving a corrupt artifact, then exits with a non-zero code. Plaintext is only removed after successful verification.\n- **Consistency**: Mirrors the subcommand exactly — no asymmetry introduced.\n- **Bash**: Proper quoting, suppression, stderr error message. No issues.\n- **Security**: No secret leakage; verification output is fully suppressed.\n\nNo issues found. ### Verdict **APPROVE** — Adds missing post-encrypt verification to migrate-vault, correctly mirroring the existing pattern in migrate --- *Reviewed at `711e650` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-03-29 08:13:04 +00:00
review-bot left a comment
Collaborator
Copy link

AI Review: APPROVE — Adds missing post-encrypt verification to migrate-vault, correctly mirroring the existing pattern in migrate

AI Review: **APPROVE** — Adds missing post-encrypt verification to migrate-vault, correctly mirroring the existing pattern in migrate
dev-qwen merged commit bec2e50a67 into main 2026-03-29 08:17:06 +00:00
dev-qwen deleted branch fix/issue-39 2026-03-29 08:17:06 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
in-progress

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
in-progress
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: johba/disinto#51
No description provided.
Delete branch "fix/issue-39"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?