diff --git a/.env.example b/.env.example index 85112d0d..b60fa8ed 100644 --- a/.env.example +++ b/.env.example @@ -26,7 +26,7 @@ AGENT_HOST_PORT=7860 AUTH_SECRET_KEY=change-me-to-a-random-secret-32-chars-min # Fernet-ключ шифрования паролей подключений и API-ключей. # Сгенерировать: python3 -c "import base64,os; print(base64.urlsafe_b64encode(os.urandom(32)).decode())" -ENCRYPTION_KEY=3YIxOr3_GFht9ZyjRQMqOdtuO1CKOj8Y9mpY89iMbZY= +ENCRYPTION_KEY=D40dpvWPZxKd41jeaTHtEs2R7nwMVLxbkMRLjAICRls= # Сервисный токен для agent→backend вызовов. # Сгенерировать: python3 -c "import secrets; print('svc-' + secrets.token_urlsafe(24))" SERVICE_JWT=agent-service-secret diff --git a/frontend/src/lib/components/security/KeyRecoveryWizard.svelte b/frontend/src/lib/components/security/KeyRecoveryWizard.svelte index d6f49239..ea4531ec 100644 --- a/frontend/src/lib/components/security/KeyRecoveryWizard.svelte +++ b/frontend/src/lib/components/security/KeyRecoveryWizard.svelte @@ -2,9 +2,11 @@ - -{#if show && model.state !== "idle"} -
{t.settings?.encryption_recovery_healthy || "All known encrypted secrets can be decrypted."}
-
- {t.settings?.encryption_recovery_key_fingerprint || "Key fingerprint"}: {model.health?.key_fingerprint ?? "?"}
-
{t.settings?.encryption_recovery_key_fingerprint || "Key fingerprint"}: {model.health?.key_fingerprint ?? "?"}
{t.settings?.encryption_recovery_auth_vs_encryption || "Changing AUTH_SECRET_KEY logs users out. Changing ENCRYPTION_KEY requires re-entering stored secrets or running re-encryption."}
-- {t.settings?.encryption_recovery_git_token_hint || "Git tokens are personal. Each user must open Profile → Git token and enter a new PAT."} -
- {/if} -{t.settings?.encryption_recovery_empty_category || "No broken items in this category."}
- {/if} - {/if} - - - {#if model.state === "needs_recovery"} -{t.settings?.encryption_recovery_recommended || "Recommended if old key is available:"}
-
- {t.settings?.encryption_recovery_reencrypt_cmd || "OLD_ENCRYPTION_KEY= NEW_ENCRYPTION_KEY= \\\n python -m src.scripts.reencrypt --dry-run"}
-
- {t.settings?.encryption_recovery_healthy || "All known encrypted secrets can be decrypted."}
+{t.settings?.encryption_recovery_key_fingerprint || "Key fingerprint"}: {model.health?.key_fingerprint ?? "?"}
{t.settings?.encryption_recovery_key_fingerprint || "Key fingerprint"}: {model.health?.key_fingerprint ?? "?"}
{t.settings?.encryption_recovery_auth_vs_encryption || "Changing AUTH_SECRET_KEY..."}
+{t.settings?.encryption_recovery_git_token_hint || "Git tokens are personal..."}
+ {/if} +{t.settings?.encryption_recovery_empty_category || "No broken items in this category."}
+ {/if} + {/if} + + {#if model.state === "needs_recovery"} +{t.settings?.encryption_recovery_recommended || "Recommended if old key is available:"}
+{t.settings?.encryption_recovery_reencrypt_cmd || "..."}
+