From b5b15c2496290f2517f093b68cf8a9f60f9d45ee Mon Sep 17 00:00:00 2001
From: fuomag9 <1580624+fuomag9@users.noreply.github.com>
Date: Wed, 25 Feb 2026 20:33:45 +0100
Subject: [PATCH] fix: use explicit empty Buffer as HKDF salt and log legacy key fallback

- Replace empty string "" salt with Buffer.alloc(0) for explicit intent in security-critical HKDF call
- Add console.warn when legacy SHA-256 decryption path is taken so operators can track when all secrets have been re-encrypted

Co-Authored-By: Claude Sonnet 4.6
---
 src/lib/secret.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/secret.ts b/src/lib/secret.ts
index f7d35727..8424fa27 100644
--- a/src/lib/secret.ts
+++ b/src/lib/secret.ts
@@ -6,7 +6,7 @@ const IV_LENGTH = 12;
 
 function deriveKey(): Buffer {
   return Buffer.from(
-    hkdfSync("sha256", config.sessionSecret, "", "caddy-proxy-manager:secret:v1", 32)
+    hkdfSync("sha256", config.sessionSecret, Buffer.alloc(0), "caddy-proxy-manager:secret:v1", 32)
   );
 }
 
@@ -35,10 +35,12 @@ export function decryptSecret(value: string): string {
   if (!value) return "";
   if (!isEncryptedSecret(value)) return value;
 
-  // Try new HKDF key first, fall back to old SHA-256 key for existing data
+  // Try new HKDF key first, fall back to old SHA-256 key for existing data.
+  // Log when the legacy path is taken so operators know when re-encryption is complete.
   try {
     return _decryptWithKey(value, deriveKey());
   } catch {
+    console.warn("[secret] HKDF decryption failed; retrying with legacy SHA-256 key. Re-encrypt this secret to remove the legacy key dependency.");
     return _decryptWithKey(value, deriveKeyLegacy());
   }
 }
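Review bot: The new `Buffer.alloc(0)` salt in deriveKey is still an empty salt, and nothing in the code says that this is deliberate or that it is frozen by the data already on disk; a reader later may "fix" it by adding a random salt and silently break decryption of every stored secret. Per RFC 5869 §2.2 an absent or empty salt is processed as HashLen zero bytes, so `""` and `Buffer.alloc(0)` derive the identical key and no migration is needed — worth stating, since the commit message calls the site security-critical. I would add above the `hkdfSync` call: `// Empty salt is intentional: HKDF treats it as HashLen zero bytes (RFC 5869 §2.2) and the info string provides domain separation. Do not change it — existing ciphertexts depend on this exact derivation.` The function is wholly inside the hunk.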
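Review bot: The added `console.warn` in decryptSecret's catch fires for any failure of the HKDF path, not only for legacy data — a corrupt or tampered ciphertext (the AES-GCM tag check presumably throws here; confirm in _decryptWithKey) is reported as "retrying with legacy SHA-256 key", so operators cannot tell migration noise from integrity failures, and when the legacy attempt also throws, the error surfaced is the legacy one while the primary HKDF error is discarded by the bare `catch {`. Move the warning after a successful legacy decrypt so it only asserts what was actually observed, and rethrow the original HKDF error when neither key fits. If decryptSecret runs on every request, the per-call warning may also flood logs; a once-per-process flag would keep the signal. The function is wholly inside the hunk.
```typescript
  } catch (hkdfError: unknown) {
    let plaintext: string;
    try {
      plaintext = _decryptWithKey(value, deriveKeyLegacy());
    } catch {
      // Neither key fits: corrupt/tampered ciphertext or a different sessionSecret — surface the primary failure.
      throw hkdfError;
    }
    // Only a successful legacy decrypt proves this is pre-migration data.
    console.warn("[secret] decrypted with legacy SHA-256 key; re-encrypt this secret to remove the legacy key dependency.");
    return plaintext;
  }
```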