Added encryption_mode field to secrets supporting "standard" (server-side) and "lockbox" (client-side E2E) modes. Updated API to validate lockbox format (lockbox:v1:salt:ciphertext). Enhanced UI to display lock icons and badges for lockbox secrets. Lockbox secrets show locked state in web UI, requiring CLI/SDK for decryption.
Replaced inline confirm() dialogs with proper modal dialogs for key migration, DEK rotation, token revocation, and version rollback operations. Improves UX and provides better context for destructive actions.
Implemented master key migration to re-encrypt vault DEKs when the master key changes. Added support for migrating single repositories or instance-wide. Implemented DEK rotation for Enterprise licenses to periodically rotate data encryption keys. Added new UI templates and API endpoints for key management operations with comprehensive error handling.
Added support for hex-encoded master keys (64 hex chars = 32 bytes) in crypto manager with fallback to raw bytes. Implemented comprehensive error handling for encryption/decryption failures across all vault endpoints (API and web). Created dedicated error template with user-friendly guidance for resolving key mismatch issues.
Add SecretsByType grouping to vault list handler that was referenced in the template but not populated. Replace base/paginate template with custom pagination to match vault UI styling.
Add master key configuration check and display placeholder message when vault is not configured. Populate secret and user names in audit entries for better readability. Support never-expiring tokens by allowing "0" or empty TTL values.
- Add new compare endpoint and template for viewing diffs between secret versions
- Display creator information (name and avatar) for each version
- Add locale strings for comparison UI, type filters, and view modes
- Enhance permission checks to include owner and access mode validation
- Add non-database fields to SecretVersion model for UI display
Add 'file' as a new secret type option in vault templates and locale. Include CreatedUnix and UsedCount fields in token service responses. Refactor vault view template layout to use flexbox for better responsive design and remove version history table from main view.
Adds edit secret form, hidden/raw value views, copy functionality, type filtering, and configuration error messages. Updates templates and adds new translation keys across all locale files for improved vault UX.
Add automated workflow to trigger gitcaddy-server rebuild after vault releases. Fix CSRF token protection and update template helper function calls (TimeSince -> DateUtils.TimeSince, avatar -> AvatarUtils.Avatar) across all vault templates.
- Use DateUtils.FullTime instead of DateTime
- Use ctx.AvatarUtils.Avatar instead of avatar
- Use base/paginate template for pagination
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add translations for vault license tier display including license, tier, max secrets, max versions, audit retention, and unlimited fields across all supported languages. Also remove extra blank lines from locale files for consistency.
- Center "No Secrets" empty state text
- Add license tier badge and version in header
- Show Audit/Tokens menu for users with write access
- Fix permission checks with fallbacks for team-based access
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Center "No Secrets" text and description
- Show license tier badge and version in header
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
