@growy/strapi-plugin-encrypted-field 2.4.1 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +5 -0
  2. package/README.md +16 -6
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -2,6 +2,11 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file.
4
4
 
5
+ ## [2.4.2] - 2026-02-26
6
+
7
+ ### Changed
8
+ - Improved Key Rotation documentation with a detailed step-by-step foolproof guide to prevent data loss.
9
+
5
10
  ## [2.4.1] - 2026-02-26
6
11
 
7
12
  ### Changed
package/README.md CHANGED
@@ -207,15 +207,25 @@ apiKey: "sk-1234567890abcdef"
207
207
  4. **Key backup**: Keep secure copies of keys in multiple locations
208
208
  5. **Private fields**: Mark sensitive fields as "private" to exclude them from the public API
209
209
 
210
- ### Key Rotation
210
+ ### Key Rotation (Preventing Data Loss)
211
211
 
212
- If you need to change your encryption key, use the included rotation script to re-encrypt existing data:
212
+ ⚠️ **IMPORTANT**: If you change `ENCRYPTION_KEY` in your `.env` without re-encrypting your data first, **all existing data will become unreadable**.
213
213
 
214
- ```bash
215
- node scripts/rotate-key.js --old=<CURRENT_64_CHAR_KEY> --new=<NEW_64_CHAR_KEY>
216
- ```
214
+ #### Safe Rotation Process:
215
+
216
+ 1. **Keep your OLD key** accessible for a moment.
217
+ 2. **Generate a NEW key** (64-character hexadecimal).
218
+ 3. **Export the encrypted values** from your database.
219
+ 4. **Run the rotation script** included in this plugin:
220
+ ```bash
221
+ # From your project root
222
+ node node_modules/@growy/strapi-plugin-encrypted-field/scripts/rotate-key.js --old=<OLD_KEY> --new=<NEW_KEY>
223
+ ```
224
+ 5. **Update your database** with the new encrypted values returned by the script.
225
+ 6. **Update your `.env`** with the `NEW_KEY`.
226
+ 7. **Restart Strapi**.
217
227
 
218
- The script reads encrypted values from stdin, decrypts with the old key, and re-encrypts with the new key. See the script output for database-specific integration examples (PostgreSQL, etc.).
228
+ The script works as a pipe (stdin to stdout). See the script output or documentation for database-specific integration examples (e.g., PostgreSQL loops).
219
229
 
220
230
  ## Use Cases
221
231
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@growy/strapi-plugin-encrypted-field",
3
- "version": "2.4.1",
3
+ "version": "2.4.2",
4
4
  "description": "Custom encrypted text field plugin for Strapi using AES-256-GCM",
5
5
  "strapi": {
6
6
  "name": "encrypted-field",