Replace x.Dialect().URI().DBType with x.DriverName() for more reliable database driver detection. Add support for 'pgx' and 'sqlite' driver variants alongside existing 'postgres' and 'sqlite3'. Improve logging with driver information and error messages for better migration debugging.
Implements explicit column migration logic to handle schema upgrades that xorm.Sync() doesn't reliably perform. Adds encryption_mode column migration for vault_secret table to support lockbox (E2E) encryption. Includes database-agnostic column existence checks and ALTER TABLE statement generation for PostgreSQL, MySQL, SQLite, and MSSQL.
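Added example, not code from gitcaddy-vault: one way the driver normalization, the per-engine column-existence query and the ALTER TABLE generation described in the two commits above can be written in Go. The table and column names are the ones the commit names; the VARCHAR(16) type, the 'standard' default, the placeholder styles and the identifier rule are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Column is the column a migration must guarantee. The example uses the
// encryption_mode column the commit adds; the VARCHAR(16) type and the
// 'standard' default are assumptions, not values taken from the project.
type Column struct {
	Table   string
	Name    string
	SQLType string // must be valid in every target dialect
	Default string // SQL literal, already quoted; empty means no default
}

var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// normalizeDriver maps what xorm's x.DriverName() reports onto a dialect
// family, accepting the "pgx" and "sqlite" variants alongside "postgres"
// and "sqlite3". An unknown driver is an error, never a silent default.
func normalizeDriver(driver string) (string, error) {
	switch strings.ToLower(driver) {
	case "postgres", "pgx":
		return "postgres", nil
	case "sqlite3", "sqlite":
		return "sqlite", nil
	case "mysql":
		return "mysql", nil
	case "mssql", "sqlserver":
		return "mssql", nil
	}
	return "", fmt.Errorf("unsupported database driver %q", driver)
}

// columnExistsQuery returns the catalogue query that tells whether
// table.column exists, plus its arguments. Placeholder style follows the
// driver ($1 for postgres, ? elsewhere). SQLite has no information_schema,
// so PRAGMA table_info is returned and the caller compares the "name"
// column of each row against the wanted column.
func columnExistsQuery(driver, table, column string) (string, []any, error) {
	d, err := normalizeDriver(driver)
	if err != nil {
		return "", nil, err
	}
	if !identRe.MatchString(table) || !identRe.MatchString(column) {
		return "", nil, fmt.Errorf("invalid identifier %q.%q", table, column)
	}
	switch d {
	case "postgres":
		return "SELECT 1 FROM information_schema.columns WHERE table_name = $1 AND column_name = $2",
			[]any{table, column}, nil
	case "mysql":
		return "SELECT 1 FROM information_schema.columns WHERE table_schema = DATABASE() AND table_name = ? AND column_name = ?",
			[]any{table, column}, nil
	case "mssql":
		return "SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = ? AND COLUMN_NAME = ?",
			[]any{table, column}, nil
	}
	return fmt.Sprintf("PRAGMA table_info(%s)", table), nil, nil
}

// addColumnStatement builds the ALTER TABLE for the dialect. Identifiers are
// whitelisted rather than escaped: migrations only ever carry literal names,
// so anything else is a bug and must not reach the database.
func addColumnStatement(driver string, c Column) (string, error) {
	d, err := normalizeDriver(driver)
	if err != nil {
		return "", err
	}
	if !identRe.MatchString(c.Table) || !identRe.MatchString(c.Name) {
		return "", fmt.Errorf("invalid identifier %q.%q", c.Table, c.Name)
	}
	def := ""
	if c.Default != "" {
		def = " DEFAULT " + c.Default
	}
	// T-SQL has no COLUMN keyword after ADD; the other three accept it.
	keyword := "ADD COLUMN"
	if d == "mssql" {
		keyword = "ADD"
	}
	return fmt.Sprintf("ALTER TABLE %s %s %s %s NOT NULL%s", c.Table, keyword, c.Name, c.SQLType, def), nil
}

func main() {
	col := Column{Table: "vault_secret", Name: "encryption_mode", SQLType: "VARCHAR(16)", Default: "'standard'"}
	for _, drv := range []string{"postgres", "pgx", "mysql", "sqlite3", "sqlite", "mssql", "oracle"} {
		q, _, qerr := columnExistsQuery(drv, col.Table, col.Name)
		stmt, serr := addColumnStatement(drv, col)
		fmt.Printf("driver=%s\n  exists: %s %v\n  alter:  %s %v\n", drv, q, qerr, stmt, serr)
	}
}
```

A real migration runs the existence query first and issues the ALTER only when no row comes back. The identifier whitelist matters because ALTER TABLE cannot take bound parameters, so refusing a malformed name is the only defence against it reaching the database.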
Creates new API.md with complete API reference including:
- Architecture and encryption model documentation
- Installation and configuration guides
- Authentication methods and API endpoints
- Go package API documentation
- Error codes and code examples
- License tier information
Also updates README.md to reference the new API documentation.
Documents the new Lockbox feature for client-side encryption including:
- Feature comparison table between standard and lockbox modes
- Encryption scheme details (Argon2id + AES-256-GCM)
- API usage examples for Go, TypeScript, and Python SDKs
- Raw API endpoint documentation for manual encryption
Added encryption_mode field to secrets supporting "standard" (server-side) and "lockbox" (client-side E2E) modes. Updated API to validate lockbox format (lockbox:v1:salt:ciphertext). Enhanced UI to display lock icons and badges for lockbox secrets. Lockbox secrets show locked state in web UI, requiring CLI/SDK for decryption.
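Added example, not the project's validator: a Go parser for the lockbox:v1:salt:ciphertext format this commit describes, and the decision of which encryption_mode a submitted value is stored under. The field order and the v1 tag come from the commit; base64 encoding of the two binary fields, the minimum lengths, and the names ParseLockbox and EncryptionModeFor are assumptions made here.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Layout of a lockbox value: lockbox:v1:<salt>:<ciphertext>. The commit fixes
// the four fields and the version tag; base64 encoding of the two binary
// fields and the minimum lengths below are assumptions for this example.
const (
	lockboxPrefix  = "lockbox"
	lockboxVersion = "v1"
	minSaltLen     = 16      // 128-bit Argon2id salt
	minCipherLen   = 12 + 16 // GCM nonce plus tag, i.e. an empty plaintext
)

var ErrNotLockbox = errors.New("value is not a lockbox payload")

type Lockbox struct {
	Version    string
	Salt       []byte
	Ciphertext []byte
}

// IsLockbox reports whether the value claims the lockbox format at all.
func IsLockbox(value string) bool {
	return strings.HasPrefix(value, lockboxPrefix+":")
}

// ParseLockbox validates the structure of a client-encrypted value. The
// server never sees the passphrase, so this is the only check it can do:
// right shape, known version, decodable fields, plausible lengths.
func ParseLockbox(value string) (*Lockbox, error) {
	if !IsLockbox(value) {
		return nil, ErrNotLockbox
	}
	parts := strings.Split(value, ":")
	if len(parts) != 4 {
		return nil, fmt.Errorf("lockbox: expected 4 colon-separated fields, got %d", len(parts))
	}
	if parts[1] != lockboxVersion {
		return nil, fmt.Errorf("lockbox: unsupported version %q", parts[1])
	}
	salt, err := base64.StdEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, fmt.Errorf("lockbox: salt is not base64: %w", err)
	}
	if len(salt) < minSaltLen {
		return nil, fmt.Errorf("lockbox: salt is %d bytes, need at least %d", len(salt), minSaltLen)
	}
	ct, err := base64.StdEncoding.DecodeString(parts[3])
	if err != nil {
		return nil, fmt.Errorf("lockbox: ciphertext is not base64: %w", err)
	}
	if len(ct) < minCipherLen {
		return nil, fmt.Errorf("lockbox: ciphertext is %d bytes, need at least %d", len(ct), minCipherLen)
	}
	return &Lockbox{Version: parts[1], Salt: salt, Ciphertext: ct}, nil
}

// EncryptionModeFor decides how a submitted value is stored. A value that
// claims to be a lockbox but fails validation is rejected rather than stored
// as a "standard" secret: silently downgrading a secret the client believed
// was end-to-end encrypted is the worst outcome.
func EncryptionModeFor(value string) (string, error) {
	if !IsLockbox(value) {
		return "standard", nil
	}
	if _, err := ParseLockbox(value); err != nil {
		return "", err
	}
	return "lockbox", nil
}

func main() {
	// Constructed sample: zero salt and zero ciphertext of the minimum sizes.
	salt := base64.StdEncoding.EncodeToString(make([]byte, minSaltLen))
	ct := base64.StdEncoding.EncodeToString(make([]byte, minCipherLen))
	for _, v := range []string{
		"lockbox:v1:" + salt + ":" + ct,
		"lockbox:v2:" + salt + ":" + ct,
		"lockbox:v1:" + salt,
		"plain-text-secret",
	} {
		mode, err := EncryptionModeFor(v)
		fmt.Printf("%-40.40s mode=%q err=%v\n", v, mode, err)
	}
}
```

The Argon2id and AES-256-GCM work named in the feature description happens in the client SDKs; the server only ever sees the opaque envelope, which is why a structural check is all it can enforce. One consequence of the design above is that a standard secret whose value happens to begin with "lockbox:" is refused, which is preferable to ambiguity about what mode a stored row is in.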
Replaced inline confirm() dialogs with proper modal dialogs for key migration, DEK rotation, token revocation, and version rollback operations. Improves UX and provides better context for destructive actions.
Implemented master key migration to re-encrypt vault DEKs when the master key changes. Added support for migrating single repositories or instance-wide. Implemented DEK rotation for Enterprise licenses to periodically rotate data encryption keys. Added new UI templates and API endpoints for key management operations with comprehensive error handling.
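Added example, not gitcaddy-vault's implementation, of the two operations this commit distinguishes: migrating the master key, which re-wraps each vault's DEK, and rotating the DEK, which re-encrypts the secrets themselves. The envelope layout, AES-256-GCM with a prepended nonce, and the names Vault, MigrateMasterKey and RotateDEK are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrKeyMismatch = errors.New("vault DEK was not wrapped by this master key")

func mustRand(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // bad key length; keys are validated to 32 bytes at load time
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// seal/open: AES-256-GCM with the nonce prepended (assumed layout, not the project's).
func seal(key, pt []byte) []byte {
	g := aead(key)
	nonce := mustRand(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	g := aead(key)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("truncated ciphertext")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// Vault is one repository's envelope; only WrappedDEK depends on the master key.
type Vault struct {
	WrappedDEK []byte
	Secrets    map[string][]byte
}

// NewVault generates a DEK, encrypts the plaintext secrets under it and wraps the DEK.
func NewVault(master []byte, plain map[string][]byte) *Vault {
	dek := mustRand(32)
	v := &Vault{WrappedDEK: seal(master, dek), Secrets: map[string][]byte{}}
	for name, value := range plain {
		v.Secrets[name] = seal(dek, value)
	}
	return v
}

// dek unwraps the DEK; a GCM tag failure means a different master key wrapped it.
func (v *Vault) dek(master []byte) ([]byte, error) {
	if dek, err := open(master, v.WrappedDEK); err == nil {
		return dek, nil
	}
	return nil, ErrKeyMismatch
}

// MigrateMasterKey re-wraps the DEK only; stored secrets are untouched (O(1) per vault).
func (v *Vault) MigrateMasterKey(oldMaster, newMaster []byte) error {
	dek, err := v.dek(oldMaster)
	if err == nil {
		v.WrappedDEK = seal(newMaster, dek)
	}
	return err
}

// RotateDEK re-encrypts every secret under a fresh DEK (O(n) in secrets); the new
// map is built in full before being committed, so a failure leaves the old state readable.
func (v *Vault) RotateDEK(master []byte) error {
	oldDEK, err := v.dek(master)
	if err != nil {
		return err
	}
	newDEK := mustRand(32)
	next := make(map[string][]byte, len(v.Secrets))
	for name, ct := range v.Secrets {
		pt, err := open(oldDEK, ct)
		if err != nil {
			return fmt.Errorf("secret %q: %w", name, err)
		}
		next[name] = seal(newDEK, pt)
	}
	v.Secrets, v.WrappedDEK = next, seal(master, newDEK)
	return nil
}

func main() {
	m1, m2 := []byte("0123456789abcdef0123456789abcdef"), []byte("fedcba9876543210fedcba9876543210")
	v := NewVault(m1, map[string][]byte{"db_password": []byte("hunter2")}) // constructed sample
	fmt.Println("migrate:", v.MigrateMasterKey(m1, m2), "rotate:", v.RotateDEK(m2))
	_, stale := v.dek(m1)
	dek, _ := v.dek(m2)
	pt, err := open(dek, v.Secrets["db_password"])
	fmt.Println("old key:", stale, "| value:", string(pt), err)
}
```

The two operations are deliberately separate: migration costs one unwrap and one wrap per vault regardless of how many secrets it holds, while rotation must touch every ciphertext, which is why it is the operation an Enterprise licence schedules periodically. In a database-backed implementation each belongs inside one transaction; the build-then-commit shape of RotateDEK stands in for that here, and a corrupt row aborts the whole rotation rather than leaving a vault half under each DEK.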
Added support for hex-encoded master keys (64 hex chars = 32 bytes) in crypto manager with fallback to raw bytes. Implemented comprehensive error handling for encryption/decryption failures across all vault endpoints (API and web). Created dedicated error template with user-friendly guidance for resolving key mismatch issues.
Sets up git credential configuration and Go environment variables (GOPRIVATE, GONOSUMDB) to enable fetching private modules from git.marketally.com and code.gitcaddy.com during builds. Uses RELEASE_TOKEN secret for authentication and disables public proxy for private repositories.
Adds English locale strings for vault encryption key warnings including fallback key usage, decryption failures, and encryption errors. Provides user-friendly explanations and remediation steps for each error scenario.
Adds tracking of master key source (app.ini, env var, file, or Gitea SECRET_KEY fallback) and exposes methods to check if fallback key is in use. This enables better visibility into which key configuration is active and helps identify when the system is using the less secure fallback option.
Implements dual authentication strategy for secret management endpoints (PUT, restore, list versions, rollback). When Gitea user authentication is not available, the system now falls back to vault token authentication. This enables both user-based and token-based access patterns.
Changes include:
- Add Comment field to CreateSecretRequest for update operations
- Replace requireRepoWrite helper with inline auth checks
- Support userID=0 for token-based operations
- Apply consistent auth pattern across all affected endpoints
Moves release-specific jobs (keygen build and server trigger) from build.yml to new release-with-server.yml workflow. The build workflow now focuses on CI tasks (lint/test) and runs on push/PR, while release workflow handles manual releases via workflow_dispatch. This separation improves clarity and allows independent execution of build checks vs release processes.
Implements vault token (gvt_) authentication as an alternative to Gitea user auth for secrets API endpoints. Adds authenticateVaultToken helper that validates tokens, checks repository permissions, and supports both read and write operations. Updates list, get, and delete secret handlers to accept vault tokens with appropriate scopes.
Add GET /token/info API endpoint for vault token introspection. Allows clients to validate tokens and retrieve scope, permissions, and expiration info. Implement GetTokenInfo service method that validates tokens without checking specific permissions.
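Added example, not the project's handlers: the dual authentication and token introspection logic described in the three commits above (user auth with fallback to vault tokens, gvt_ token validation with read/write scopes, and GET /token/info), written in Go against an in-memory token store. The gvt_ prefix, userID=0 for token-based operations and the never-expiring TTL come from the commits; hashing tokens with SHA-256, Bearer transport, and the Store, Principal and Authenticate names are assumptions made here.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"strings"
	"time"
)

const tokenPrefix = "gvt_"

type Scope string

const ScopeRead, ScopeWrite Scope = "read", "write"

var (
	ErrUnauthenticated = errors.New("no Gitea session and no vault token")
	ErrInvalidToken    = errors.New("invalid vault token")
	ErrInactive        = errors.New("vault token revoked or expired")
	ErrForbidden       = errors.New("insufficient permission")
)

// VaultToken is the stored form of a token: only the SHA-256 of the secret is
// kept, so a copy of the table yields nothing usable. A zero ExpiresAt never
// expires (the "0"/empty TTL case).
type VaultToken struct {
	ID        int64
	RepoID    int64
	Hash      [32]byte
	Scope     Scope
	ExpiresAt time.Time
	Revoked   bool
}

// Principal is who the request acts as; UserID is 0 for token-based operations.
type Principal struct {
	UserID   int64
	TokenID  int64
	RepoID   int64
	CanWrite bool
}

type Store struct{ Tokens []VaultToken }

func HashToken(raw string) [32]byte { return sha256.Sum256([]byte(raw)) }

// GetTokenInfo validates a raw token and returns its metadata without checking
// any permission (the GET /token/info answer). Hashes are compared in constant
// time so timing does not reveal how much of a candidate matched.
func (s *Store) GetTokenInfo(raw string, now time.Time) (*VaultToken, error) {
	if !strings.HasPrefix(raw, tokenPrefix) {
		return nil, ErrInvalidToken
	}
	h := HashToken(raw)
	for i := range s.Tokens {
		t := &s.Tokens[i]
		if subtle.ConstantTimeCompare(t.Hash[:], h[:]) != 1 {
			continue
		}
		if t.Revoked || (!t.ExpiresAt.IsZero() && !now.Before(t.ExpiresAt)) {
			return nil, ErrInactive
		}
		return t, nil
	}
	return nil, ErrInvalidToken
}

// Authenticate is the dual strategy: a signed-in Gitea user (userID != 0, with
// the repository write permission the session already resolved) wins; otherwise
// the Authorization header must carry a vault token bound to this repository
// whose scope covers the request.
func (s *Store) Authenticate(userID int64, userCanWrite bool, authz string, repoID int64, need Scope, now time.Time) (*Principal, error) {
	if userID != 0 {
		if need == ScopeWrite && !userCanWrite {
			return nil, ErrForbidden
		}
		return &Principal{UserID: userID, RepoID: repoID, CanWrite: userCanWrite}, nil
	}
	raw, ok := strings.CutPrefix(authz, "Bearer ")
	if !ok {
		return nil, ErrUnauthenticated
	}
	tok, err := s.GetTokenInfo(raw, now)
	if err != nil {
		return nil, err
	}
	canWrite := tok.Scope == ScopeWrite
	if tok.RepoID != repoID || (need == ScopeWrite && !canWrite) {
		return nil, ErrForbidden
	}
	return &Principal{TokenID: tok.ID, RepoID: repoID, CanWrite: canWrite}, nil
}

func main() {
	now := time.Now()
	// Constructed sample token; a real store would load rows from the token table.
	s := &Store{Tokens: []VaultToken{{ID: 1, RepoID: 7, Hash: HashToken("gvt_example_ro"), Scope: ScopeRead}}}
	p, err := s.Authenticate(0, false, "Bearer gvt_example_ro", 7, ScopeRead, now)
	fmt.Printf("read as token: %+v %v\n", p, err)
	_, err = s.Authenticate(0, false, "Bearer gvt_example_ro", 7, ScopeWrite, now)
	fmt.Println("write with read-only token:", err)
}
```

Two checks are easy to lose when a fallback path is bolted onto handlers that used to assume a user session: the token must be bound to the repository named in the URL, not merely be valid somewhere on the instance, and a read-scoped token must be refused on write endpoints even though it authenticates. Both are enforced in Authenticate, not left to each handler. The introspection endpoint should serialize only the metadata fields of VaultToken, never the hash.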
Replace if-else chains with switch statements for cleaner error handling in CreateSecret routes. This improves readability and makes it easier to add new error cases.
Add license limit enforcement when creating secrets and tokens. Pass license limits to service layer and return appropriate errors when tier limits are exceeded. Handle limit errors in both API and web routes with proper error messages prompting users to upgrade.
Allow vault to run without a license file by defaulting to Solo tier (free). When no license is found, treat it as valid with Solo tier limits instead of returning an error. This enables free usage with basic features.
Replace requireLicense with requireWebLicense in all web route handlers to render proper HTML error pages instead of JSON responses when license validation fails. Add requireWebLicense helper that uses web context to display the not_installed template.
Add SecretsByType grouping to vault list handler that was referenced in the template but not populated. Replace base/paginate template with custom pagination to match vault UI styling.
Add master key configuration check and display placeholder message when vault is not configured. Populate secret and user names in audit entries for better readability. Support never-expiring tokens by allowing "0" or empty TTL values.
Replace custom chi.Router extraction logic with the new plugins.PluginRouter interface. This simplifies route registration by using the standardized plugin API instead of type assertions and reflection.
Move specific routes like /secrets/new and /secrets/{name}/versions before generic /secrets/{name} to prevent the parameter route from matching first. This ensures static paths and suffixed parameter routes are matched correctly before bare parameter routes.
The cs-CZ locale file was corrupted with garbled characters. This restores the proper JSON structure and fixes character encoding issues in the Czech translations for the vault feature.
Adds complete translations for Czech, Greek, Persian, Finnish, Irish, Hindi, Hungarian, Indonesian, Icelandic, Latvian, Portuguese (Portugal), Sinhala, Slovak, Swedish, Turkish, and Ukrainian. Updates existing translations for German, Spanish, French, Italian, Japanese, Korean, Dutch, Polish, Portuguese (Brazil), Russian, Chinese (Simplified), and Chinese (Traditional) with new vault comparison and file type features.
Document the architectural separation between gitcaddy-vault plugin and gitcaddy-server, including component locations, responsibilities, and the key rule for where to place interface types versus implementation code.
- Add new compare endpoint and template for viewing diffs between secret versions
- Display creator information (name and avatar) for each version
- Add locale strings for comparison UI, type filters, and view modes
- Enhance permission checks to include owner and access mode validation
- Add non-database fields to SecretVersion model for UI display
Add 'file' as a new secret type option in vault templates and locale. Include CreatedUnix and UsedCount fields in token service responses. Refactor vault view template layout to use flexbox for better responsive design and remove version history table from main view.
Adds edit secret form, hidden/raw value views, copy functionality, type filtering, and configuration error messages. Updates templates and adds new translation keys across all locale files for improved vault UX.
Loads the master encryption key during plugin initialization and provides helpful warnings if the key is not configured, guiding users to set MASTER_KEY in app.ini or GITCADDY_VAULT_KEY environment variable.
Adds support for configuring vault master key via [vault] MASTER_KEY in app.ini with highest priority. Also adds IsConfigured() and ConfigurationError() methods to plugin interface for better configuration validation. Priority order is now: app.ini > env var > file > gitea secret key.
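Added example, not the plugin's loader: the resolution order this commit fixes (app.ini > env var > file > Gitea SECRET_KEY), together with the source tracking and fallback check from the earlier commit and the 64-hex-characters-or-raw-bytes decoding from the hex-key commit, written as one Go function. The setting names MASTER_KEY and GITCADDY_VAULT_KEY come from the commits; deriving the fallback key from SECRET_KEY with SHA-256, requiring exactly 32 raw bytes, and the Resolve and LoadSources names are assumptions made here.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"strings"
)

type KeySource string

const (
	SourceAppIni      KeySource = "app.ini [vault] MASTER_KEY"
	SourceEnv         KeySource = "GITCADDY_VAULT_KEY"
	SourceFile        KeySource = "key file"
	SourceGiteaSecret KeySource = "Gitea SECRET_KEY fallback"
)

var ErrNotConfigured = errors.New("vault master key not configured: set MASTER_KEY under [vault] in app.ini or the GITCADDY_VAULT_KEY environment variable")

// Sources holds the raw candidate values after they have been read; ini
// parsing, os.Getenv and os.ReadFile are kept out so Resolve stays pure.
type Sources struct {
	AppIni         string
	Env            string
	File           string // file contents, not the path
	GiteaSecretKey string
}

type MasterKey struct {
	Bytes  []byte
	Source KeySource
}

// IsFallback reports whether the less secure Gitea SECRET_KEY is in use.
func (m MasterKey) IsFallback() bool { return m.Source == SourceGiteaSecret }

// decodeKey accepts 64 hex characters (32 bytes) and otherwise treats the value
// as raw bytes. Requiring exactly 32 raw bytes is an assumption of this example.
func decodeKey(v string) ([]byte, error) {
	v = strings.TrimSpace(v)
	if len(v) == 64 {
		if b, err := hex.DecodeString(v); err == nil {
			return b, nil
		}
	}
	if len(v) != 32 {
		return nil, fmt.Errorf("master key must be 64 hex characters or 32 raw bytes, got %d bytes", len(v))
	}
	return []byte(v), nil
}

// Resolve applies the priority app.ini > env var > file > Gitea SECRET_KEY.
// An explicitly configured key that fails to decode is an error, not a reason
// to fall through: silently encrypting under the fallback key instead of the
// one the operator typed would produce secrets nobody can decrypt later.
func Resolve(s Sources) (MasterKey, error) {
	candidates := []struct {
		src KeySource
		val string
	}{{SourceAppIni, s.AppIni}, {SourceEnv, s.Env}, {SourceFile, s.File}}
	for _, c := range candidates {
		if strings.TrimSpace(c.val) == "" {
			continue
		}
		b, err := decodeKey(c.val)
		if err != nil {
			return MasterKey{}, fmt.Errorf("%s: %w", c.src, err)
		}
		return MasterKey{Bytes: b, Source: c.src}, nil
	}
	if s.GiteaSecretKey != "" {
		// Assumption: the fallback key is derived by hashing SECRET_KEY to 32 bytes.
		sum := sha256.Sum256([]byte(s.GiteaSecretKey))
		return MasterKey{Bytes: sum[:], Source: SourceGiteaSecret}, nil
	}
	return MasterKey{}, ErrNotConfigured
}

// LoadSources gathers the candidates from the process environment; appIni and
// giteaSecret are what the caller already read from configuration.
func LoadSources(appIni, keyPath, giteaSecret string) Sources {
	s := Sources{AppIni: appIni, Env: os.Getenv("GITCADDY_VAULT_KEY"), GiteaSecretKey: giteaSecret}
	if keyPath != "" {
		if data, err := os.ReadFile(keyPath); err == nil {
			s.File = string(data)
		}
	}
	return s
}

func main() {
	key, err := Resolve(LoadSources("", "", "constructed-gitea-secret-key"))
	fmt.Printf("source=%q fallback=%v len=%d err=%v\n", key.Source, key.IsFallback(), len(key.Bytes), err)
	_, err = Resolve(Sources{AppIni: "not-a-valid-key", GiteaSecretKey: "x"})
	fmt.Println("malformed explicit key:", err)
}
```

The design choice worth keeping from this is that an explicit but malformed key fails loudly instead of falling through to SECRET_KEY. Otherwise a typo in app.ini would encrypt new secrets under the fallback key, and the key mismatch errors the earlier commits add handling for would only surface once the operator corrected the typo. IsFallback is what the startup warning and the UI placeholder can key on.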
- Remove hardcoded PluginVersion constant
- Add Version variable settable via ldflags
- Update routes.go to use Version for UI display
- Version now injected by server build process
Add automated workflow to trigger gitcaddy-server rebuild after vault releases. Fix CSRF token protection and update template helper function calls (TimeSince -> DateUtils.TimeSince, avatar -> AvatarUtils.Avatar) across all vault templates.
- Use DateUtils.FullTime instead of DateTime
- Use ctx.AvatarUtils.Avatar instead of avatar
- Use base/paginate template for pagination
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Explains that vault is source of truth for templates/locales,
and server syncs from vault at build time via sync-vault.sh.
Documents why Go plugins aren't used (compilation requirements).
Add translations for vault license tier display including license, tier, max secrets, max versions, audit retention, and unlimited fields across all supported languages. Also remove extra blank lines from locale files for consistency.
- Center "No Secrets" empty state text
- Add license tier badge and version in header
- Show Audit/Tokens menu for users with write access
- Fix permission checks with fallbacks for team-based access
- Center "No Secrets" text and description
- Show license tier badge and version in header
Add service interface methods to VaultPlugin that delegate to the
standalone service functions. This allows the server's vault_service
to use GetPlugin() and call methods directly on the plugin.
Methods implemented:
- ListSecrets, GetSecret, GetSecretValue, CreateSecret, UpdateSecret
- DeleteSecret, RestoreSecret, RollbackSecret
- ListVersions
- ListTokens, CreateToken, RevokeToken, ValidateToken
- ListAuditEntries
When compiled into the server, the router passed is *web.Router not chi.Router.
Added ChiRouterProvider interface to extract the underlying chi router.
Module path is now git.marketally.com/gitcaddy/gitcaddy-vault
to match the actual repository name.
- Change package from main to vault for import compatibility
- Add init() auto-registration when package is imported
- Remove plugin build jobs from CI (no longer needed)
- Update README for compiled-in architecture
- Add BSL 1.1 license
- Remove hardcoded GITCADDY_SERVER_VERSION
- Each job fetches latest server version from API
- Clear Go module cache before building plugins
- Simplify server-release.yml to only create tags (no main commits)
This ensures vault always builds against the correct server version.