Fix: Encrypt private SSH keys in the DB

app/Models/PrivateKey.php

@@ -32,6 +32,10 @@ class PrivateKey extends BaseModel
         'team_id',
     ];
 
+    protected $casts = [
+        'private_key' => 'encrypted',
+    ];
+
     protected static function booted()
     {
         static::saving(function ($key) {

database/migrations/2024_09_16_111428_encrypt_existing_private_keys.php

@@ -0,0 +1,19 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Crypt;
+
+class EncryptExistingPrivateKeys extends Migration
+{
+    public function up()
+    {
+        DB::table('private_keys')->chunkById(100, function ($keys) {
+            foreach ($keys as $key) {
+                DB::table('private_keys')
+                    ->where('id', $key->id)
+                    ->update(['private_key' => Crypt::encryptString($key->private_key)]);
+            }
+        });
+    }
+}