mkanoor · March 4, 2026 14:44
diff --git a/encryption key.yml b/encryption key.yml
 fields:
  - id: primary_encryption_secret
    type: string
    label: Primary Encryption Secret
    format: aes_key
    secret: true
    help_text: >-
      Used to derive AES keys for database encryption (note: may impact
      performance). Warning: This secret is not stored in our system; you must
      manually enter and remember it. If lost, an Activation reset is required.
      For key rotations, enter your new secret here and re-enter your previous
      secret into the Secondary Encryption Secret field to maintain access to
      historical events.
  - id: secondary_encryption_secret
    type: string
    label: Secondary Encryption Secret
    format: aes_key
    secret: true
    help_text: >-
      This field is used during key rotation to maintain access to legacy data.
      When updating your Primary Encryption Secret, you must manually re-enter
      your previous secret here. This allows the system to decrypt historical
      records while using the new string for future events. If left blank, the
      system assumes no rotation has occurred.
  - id: aes_salt
    type: string
    label: Salt
    format: aes_salt
    hidden: true
    secret: true
    help_text: >-
      To ensure cryptographic uniqueness, a random 32-byte salt is generated at
      the time of credential creation. This prevents identical input strings
      from producing the same AES key across different credentials. This field
      is managed automatically by the backend and remains hidden from the user
      interface.
	fields:
	- id: primary_encryption_secret
	type: string
	label: Primary Encryption Secret
	format: aes_key
	secret: true
	help_text: >-
	Used to derive AES keys for database encryption (note: may impact
	performance). Warning: This secret is not stored in our system; you must
	manually enter and remember it. If lost, an Activation reset is required.
	For key rotations, enter your new secret here and re-enter your previous
	secret into the Secondary Encryption Secret field to maintain access to
	historical events.
	- id: secondary_encryption_secret
	type: string
	label: Secondary Encryption Secret
	format: aes_key
	secret: true
	help_text: >-
	This field is used during key rotation to maintain access to legacy data.
	When updating your Primary Encryption Secret, you must manually re-enter
	your previous secret here. This allows the system to decrypt historical
	records while using the new string for future events. If left blank, the
	system assumes no rotation has occurred.
	- id: aes_salt
	type: string
	label: Salt
	format: aes_salt
	hidden: true
	secret: true
	help_text: >-
	To ensure cryptographic uniqueness, a random 32-byte salt is generated at
	the time of credential creation. This prevents identical input strings
	from producing the same AES key across different credentials. This field
	is managed automatically by the backend and remains hidden from the user
	interface.
No results found