
Commit e6adf8c

committed
Load encryption key during block load
1 parent 4203caa commit e6adf8c

2 files changed

Lines changed: 3 additions & 21 deletions


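--- a/packages/engine/src/lib/helper/block-loader.ts
+++ b/packages/engine/src/lib/helper/block-loader.ts
@@ -1,4 +1,5 @@
 import { Action, Block } from '@openops/blocks-framework';
+import { encryptionKeyInitializer } from '@openops/server-shared';
 import {
 ApplicationError,
 ErrorCode,
@@ -24,6 +25,8 @@ const loadBlockOrThrow = async ({
 });
 
 const module = await import(packageName);
+await encryptionKeyInitializer();
+
 const block = extractBlockFromModule<Block>({
 module,
 blockName,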
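Review bot: In `loadBlockOrThrow` the new `await encryptionKeyInitializer();` runs after `await import(packageName)`, so any top-level code in the block package that reaches the encryption helpers would execute before the key is loaded; placing the call above the import removes that ordering gap. Because this commit also drops the lazy `ensureSecretLoaded()` fallback in encryption.ts, this call is the only load path visible here, and a missing key now surfaces only as the bare `assertNotNullOrUndefined(secret, 'secret')` failure rather than the former warning that named `OPS_ENCRYPTION_KEY`. Nothing in the hunk shows whether the initializer is idempotent or whether it can fall through to `generateAndStoreSecret` in the engine process, which should be confirmed since it now runs on every block load. A comment such as `// Load the encryption key before any block code can call the encrypt/decrypt helpers.` would document the intent. The function body starts and ends outside the hunk.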

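--- a/packages/server/shared/src/lib/security/encryption.ts
+++ b/packages/server/shared/src/lib/security/encryption.ts
@@ -14,21 +14,6 @@ let secret: string | null;
 const algorithm = 'aes-256-cbc';
 const ivLength = 16;
 
-function ensureSecretLoaded(): void {
-if (isNil(secret)) {
-const loadedSecret = system.get(AppSystemProp.ENCRYPTION_KEY);
-if (loadedSecret) {
-secret = loadedSecret;
-logger.debug('Encryption key loaded via ensureSecretLoaded()');
-} else {
-logger.warn(
-'Encryption key not found in system properties when ensureSecretLoaded() was called. ' +
-'This may indicate an issue with the Lambda environment or OPS_ENCRYPTION_KEY not being set.',
-);
-}
-}
-}
-
 const loadEncryptionKey = async (
 queueMode: QueueMode,
 ): Promise<string | null> => {
@@ -60,7 +45,6 @@ const generateAndStoreSecret = async (): Promise<string> => {
 };
 
 function encryptString(inputString: string): EncryptedObject {
-ensureSecretLoaded();
 const iv = crypto.randomBytes(ivLength); // Generate a random initialization vector
 assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
@@ -79,7 +63,6 @@ function encryptObject(object: unknown): EncryptedObject {
 }
 
 function encryptBuffer(inputBuffer: Buffer): EncryptedObject {
-ensureSecretLoaded();
 const iv = crypto.randomBytes(ivLength);
 assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
@@ -93,7 +76,6 @@ function encryptBuffer(inputBuffer: Buffer): EncryptedObject {
 }
 
 function decryptObject<T>(encryptedObject: EncryptedObject): T {
-ensureSecretLoaded();
 const iv = Buffer.from(encryptedObject.iv, 'hex');
 assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
@@ -104,7 +86,6 @@ function decryptObject<T>(encryptedObject: EncryptedObject): T {
 }
 
 function decryptBuffer(encryptedObject: EncryptedObject): Buffer {
-ensureSecretLoaded();
 const iv = Buffer.from(encryptedObject.iv, 'hex');
 assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
@@ -116,7 +97,6 @@ function decryptBuffer(encryptedObject: EncryptedObject): Buffer {
 }
 
 function decryptString(encryptedObject: EncryptedObject): string {
-ensureSecretLoaded();
 const iv = Buffer.from(encryptedObject.iv, 'hex');
 assertNotNullOrUndefined(secret, 'secret');
 const key = Buffer.from(secret, 'binary');
@@ -127,7 +107,6 @@ function decryptString(encryptedObject: EncryptedObject): string {
 }
 
 function get16ByteKey(): string {
-ensureSecretLoaded();
 assertNotNullOrUndefined(secret, 'secret is not defined');
 return secret;
 }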
