mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 21:31:46 +00:00
jubnl
1b28bd96d4
The smtp_pass setting was stored as plaintext in app_settings, exposing SMTP credentials to anyone with database read access. Apply the same encrypt_api_key/decrypt_api_key pattern already used for OIDC client secrets and API keys. A new migration transparently re-encrypts any existing plaintext value on startup; decrypt_api_key handles legacy plaintext gracefully so in-flight reads remain safe during upgrade.