bigcyy opened a new pull request, #3604: URL: https://github.com/apache/hertzbeat/pull/3604
## What's changed? <!-- Describe Your PR Here --> This pull request enhances the AES encryption module to improve the initial setup process and default security posture. 1. If the application starts and cannot find a pre-existing AES key in the database and application.yml, it will now automatically generate a strong, unique key and persist it for future use. 2. When decrypting data, the system will first try the new (auto-generated or user-configured) key. If decryption fails (e.g., on data encrypted with an older key), it will automatically fall back and attempt to decrypt using the legacy default key. This guarantees that old data remains accessible after the upgrade. ## Checklist - [X] I have read the [Contributing Guide](https://hertzbeat.apache.org/docs/community/code_style_and_quality_guide) - [X] I have written the necessary doc or comment. - [ ] I have added the necessary unit tests and all cases have passed. ## Add or update API - [ ] I have added the necessary [e2e tests](https://github.com/apache/hertzbeat/tree/master/e2e) and all cases have passed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
