JSDoc: Module: utils/credentialEncryption

Module: utils/credentialEncryption

AES-256-GCM encryption for project credentials at rest.

Credentials (login username, password, CSS selectors) are encrypted before being persisted to the JSON database and decrypted when needed by the crawl/test pipeline.

The encryption key is derived from CREDENTIAL_SECRET env var (or the JWT_SECRET as fallback). In development, a deterministic key is derived from the project directory — acceptable for local use but NOT for production.

Exports

encryptCredentials — Encrypt a credentials object.
decryptCredentials — Decrypt a credentials object.

Source:

utils/credentialEncryption.js, line 1

Methods

(static) decryptCredentials(creds) → {Object|null}

Decrypt sensitive fields in a credentials object for use by the pipeline. If the credentials are not encrypted (legacy data), returns them as-is.

Parameters:

Name	Type	Description
`creds`	Object \| null	Stored credentials (possibly encrypted).

Source:

utils/credentialEncryption.js, line 109

Returns:

Decrypted credentials object, or null.

Type: Object | null

(static) encryptCredentials(creds) → {Object|null}

Encrypt sensitive fields in a credentials object before storage. Non-sensitive fields (CSS selectors) are stored as-is.

Parameters:

Name	Type	Description
`creds`	Object \| null	`{ usernameSelector, username, passwordSelector, password, submitSelector }`

Source:

utils/credentialEncryption.js, line 90

Returns:

Encrypted credentials object, or null.

Type: Object | null