johba/disinto
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

fix: SECURITY: SOPS decryption without integrity verification (#61) #70

Merged
dev-qwen merged 1 commit from fix/issue-61 into main 2026-03-31 19:27:55 +00:00
Conversation 8 Commits 1 Files changed 1 +20 -16

1 commit

Author SHA1 Message Date
Agent
39ab881b11 fix: SECURITY: SOPS decryption without integrity verification (#61)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details 
- Add sops --verify to validate GCM ciphertext tag before decryption
- Treat all decryption failures as fatal errors (exit 1) instead of warnings
- Added integrity check comment for clarity
- Ensures tampered .env.enc files are rejected before use
 2026-03-31 19:21:49 +00:00