a lot of things

src/modules/credentials/credentialTypeDefs.ts

@@ -1,5 +1,9 @@
 export enum ValueType {
   PLAIN_TEXT = "plain_text",
+  LICENSE_KEY = "license_key",
+  IP_ADDRESS = "ip_address",
+  GENERIC_SECRET = "generic_secret",
+  BITLOCKER_KEY = "bitlocker_key",
   PASSWORD = "password",
 }
 
@@ -12,7 +16,6 @@ export interface CredentialTypeField {
 }
 
 export interface CredentialField {
-  id: string; // CUID
   fieldId: string; // I.e. "clientId", "clientSecret", etc.
   value: string; // Encrypted value stored in the database
 }

src/modules/credentials/fieldValidator.ts

@@ -19,7 +19,6 @@ export const fieldValidator = async (
   acceptableFields: CredentialTypeField[],
 ): Promise<
   {
-    id: string;
     fieldId: string;
     value: string;
     secure: boolean;
@@ -47,7 +46,6 @@ export const fieldValidator = async (
     const matchingField = afCollection.get(field.fieldId)!;
 
     return {
-      id: field.id,
       fieldId: field.fieldId,
       value: field.value,
       secure: matchingField.secure,

src/modules/credentials/generateSecureValue.ts

@@ -6,10 +6,13 @@ export const generateSecureValue = (content: string) => {
   // Generate a hash of the content
   const hash = Password.hash(content);
 
+  // Parse the PKCS#1 PEM key into a proper KeyObject
+  const publicKey = crypto.createPublicKey(secureValuesPublicKey);
+
   // Encrypt the content using the .secureValues.pub public key
   const encrypted = crypto.publicEncrypt(
     {
-      key: secureValuesPublicKey,
+      key: publicKey,
       padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
       oaepHash: "sha256",
     },

src/modules/credentials/readSecureValue.ts

@@ -1,20 +1,36 @@
 import Password from "../tools/Password";
 import crypto from "crypto";
 import { secureValuesPrivateKey } from "../../constants";
+import GenericError from "../../Errors/GenericError";
+
+const privateKey = crypto.createPrivateKey(secureValuesPrivateKey);
 
 export const readSecureValue = (
   encryptedContent: string,
   hash?: string,
 ): string => {
-  // Decrypt the content using the .secureValues.key private key
-  const decrypted = crypto.privateDecrypt(
-    {
-      key: secureValuesPrivateKey,
-      padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
-      oaepHash: "sha256",
-    },
-    Buffer.from(encryptedContent, "base64"),
-  );
+  let decrypted: Buffer;
+
+  try {
+    // Decrypt the content using the .secureValues.key private key
+    decrypted = crypto.privateDecrypt(
+      {
+        key: privateKey,
+        padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: "sha256",
+      },
+      Buffer.from(encryptedContent, "base64"),
+    );
+  } catch {
+    throw new GenericError({
+      name: "SecureValueDecryptionError",
+      message:
+        "Unable to decrypt secure value. The value was encrypted with a different key and must be re-entered.",
+      cause:
+        "RSA key mismatch — the current private key does not match the public key used to encrypt this value.",
+      status: 422,
+    });
+  }
 
   const content = decrypted.toString("utf-8");
 

src/modules/globalEvents.ts

@@ -19,6 +19,7 @@ interface EventTypes {
     user: UserController;
     updatedValues: Partial<User>;
   }) => void;
+  "user:deleted": (data: { id: string }) => void;
   "user:authenticated": (data: {
     user: UserController;
     tokens: SessionTokensObject;