agroal / pgagroal

High-performance connection pool for PostgreSQL
https://agroal.github.io/pgagroal/
BSD 3-Clause "New" or "Revised" License
667 stars 59 forks

Improve the `pgagroal-admin` command `master-key` to warn users about need for new encryption #425

Closed fluca1978 closed 3 months ago

fluca1978 commented 3 months ago

If a configuration already exists and the user issues a master-key command, the system will no longer be able to decrypt the file(s). It would be better to either: 1) warn the user about the (possible) need to re-encrypt files; 2) prevent the user from running master-key when an already encrypted file exists, so that she needs to manually remove/back up files before proceeding; 3) make master-key re-encrypt existing files.

jesperpedersen commented 3 months ago

Maybe 1) is the best option - just error out.

Then the user will have to explicitly delete the file, and have to redo all the configuration manually...
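
A sketch of the "error out" behaviour discussed in this thread, as an added example that is not pgagroal's code: before a new master key is written, check whether a key already exists and whether files encrypted with it are still present. The function names are hypothetical, and the paths are supplied by the caller (the demo uses constructed temporary files), so no real pgagroal file location is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum guard_result { GUARD_OK = 0, GUARD_WOULD_ORPHAN = 1 };

/* True when path is a regular, non-empty file. */
static int has_content(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode) && st.st_size > 0;
}

/* Decide whether writing a new master key is safe (hypothetical helper).
   Returns GUARD_WOULD_ORPHAN, with the number of affected files in *orphans,
   when a key already exists and files encrypted with it are still present. */
int master_key_guard(const char *key_path, const char *const *enc_files,
                     size_t n, size_t *orphans)
{
    *orphans = 0;
    if (!has_content(key_path))
        return GUARD_OK; /* first-time setup: no existing key to replace */
    for (size_t i = 0; i < n; i++) {
        if (has_content(enc_files[i])) {
            fprintf(stderr, "refusing to replace master key: %s was encrypted with it\n",
                    enc_files[i]);
            (*orphans)++;
        }
    }
    return *orphans ? GUARD_WOULD_ORPHAN : GUARD_OK;
}

/* Constructed scenario: temp files stand in for the key and one users file.
   Returns the number of files that would become undecryptable, or -1 on I/O error. */
int demo(int with_key, int with_users)
{
    char key[] = "/tmp/mkguard_keyXXXXXX", users[] = "/tmp/mkguard_usrXXXXXX";
    int kfd = mkstemp(key), ufd = mkstemp(users);
    if (kfd < 0 || ufd < 0) return -1;
    if (with_key && write(kfd, "k", 1) != 1) return -1;
    if (with_users && write(ufd, "u", 1) != 1) return -1;
    close(kfd); close(ufd);
    const char *files[] = { users };
    size_t orphans;
    int rc = master_key_guard(key, files, 1, &orphans);
    unlink(key); unlink(users);
    return rc == GUARD_OK ? 0 : (int)orphans;
}
int main(void) { return demo(1, 1) == 1 ? 0 : 1; }
```
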