wraith

History

Vantz Stockwell b11efce6ed feat(security): Argon2id key derivation for vault encryption BREAKING CHANGE (forward-only): New credentials/keys encrypted with v2 (Argon2id-derived AES-256-GCM). Existing v1 records decrypt transparently. - Argon2id params: 64 MiB memory, 3 iterations, 4 parallelism (OWASP) - Per-record 16-byte salt stored in ciphertext format - v2 format: v2:<salt>:<iv>:<authTag>:<ciphertext> - Backwards compatible: v1 records still decrypt with raw key - Admin endpoint POST /api/credentials/migrate-v2 upgrades all v1→v2 - Added docs/FUTURE-FEATURES.md with remaining spec gaps Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-14 13:40:41 -04:00
..
superpowers	fix: plan — async host key verification via ssh2 verify callback	2026-03-12 17:02:20 -04:00
FUTURE-FEATURES.md	feat(security): Argon2id key derivation for vault encryption	2026-03-14 13:40:41 -04:00

Vantz Stockwell b11efce6ed feat(security): Argon2id key derivation for vault encryption

BREAKING CHANGE (forward-only): New credentials/keys encrypted with v2
(Argon2id-derived AES-256-GCM). Existing v1 records decrypt transparently.

- Argon2id params: 64 MiB memory, 3 iterations, 4 parallelism (OWASP)
- Per-record 16-byte salt stored in ciphertext format
- v2 format: v2:<salt>:<iv>:<authTag>:<ciphertext>
- Backwards compatible: v1 records still decrypt with raw key
- Admin endpoint POST /api/credentials/migrate-v2 upgrades all v1→v2
- Added docs/FUTURE-FEATURES.md with remaining spec gaps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-14 13:40:41 -04:00

superpowers

fix: plan — async host key verification via ssh2 verify callback

2026-03-12 17:02:20 -04:00

FUTURE-FEATURES.md

feat(security): Argon2id key derivation for vault encryption

2026-03-14 13:40:41 -04:00