From 3aee8e030e6114d1c273eaa5d33502d839224c10 Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Mon, 16 Sep 2024 13:17:39 +0200
Subject: [PATCH] Fix: Encrypt private SSH keys in the DB

---
 app/Models/PrivateKey.php                     |  4 ++++
 ...6_111428_encrypt_existing_private_keys.php | 19 +++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 database/migrations/2024_09_16_111428_encrypt_existing_private_keys.php

diff --git a/app/Models/PrivateKey.php b/app/Models/PrivateKey.php
index b047af6bb..7cb58657c 100644
--- a/app/Models/PrivateKey.php
+++ b/app/Models/PrivateKey.php
@@ -32,6 +32,10 @@ class PrivateKey extends BaseModel
         'team_id',
     ];
 
+    protected $casts = [
+        'private_key' => 'encrypted',
+    ];
+
     protected static function booted()
     {
         static::saving(function ($key) {
diff --git a/database/migrations/2024_09_16_111428_encrypt_existing_private_keys.php b/database/migrations/2024_09_16_111428_encrypt_existing_private_keys.php
new file mode 100644
index 000000000..e2297cf37
--- /dev/null
+++ b/database/migrations/2024_09_16_111428_encrypt_existing_private_keys.php
@@ -0,0 +1,19 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Crypt;
+
+class EncryptExistingPrivateKeys extends Migration
+{
+    public function up()
+    {
+        DB::table('private_keys')->chunkById(100, function ($keys) {
+            foreach ($keys as $key) {
+                DB::table('private_keys')
+                    ->where('id', $key->id)
+                    ->update(['private_key' => Crypt::encryptString($key->private_key)]);
+            }
+        });
+    }
+}