iachat/app
Sojan Jose 38f16ba677
feat: Secure external credentials with database encryption (#12648)
## Changelog

- Added conditional Active Record encryption to every external
credential we store (SMTP/IMAP passwords, Twilio tokens,
Slack/OpenAI hook tokens, Facebook/Instagram tokens, LINE/Telegram keys,
Twitter secrets) so new writes are encrypted
whenever Chatwoot.encryption_configured? is true; legacy installs still
receive plaintext until their secrets are
    updated.
- Tuned encryption settings in config/application.rb to allow legacy
reads (support_unencrypted_data) and to extend
deterministic queries so lookups continue to match plaintext rows during
the rollout; added TODOs to retire the
    fallback once encryption becomes mandatory.
- Introduced an MFA-pipeline test suite
(spec/models/external_credentials_encryption_spec.rb) plus shared
examples to
verify each attribute encrypts at rest and that plaintext records
re-encrypt on update, with a dedicated Telegram case.
The existing MFA GitHub workflow now runs these tests using the
preconfigured encryption keys.

fixes:
https://linear.app/chatwoot/issue/CW-5453/encrypt-sensitive-credentials-stored-in-plain-text-in-database

## Testing Instructions

 1. Instance without encryption keys
- Unset ACTIVE_RECORD_ENCRYPTION_* vars (or run in an environment where
they’re absent).
      - Create at least one credentialed channel (e.g., Email SMTP).
- Confirm workflows still function (send/receive mail or a similar
sanity check).
- In the DB you should still see plaintext values—this confirms the
guard prevents encryption when keys are missing.
  2. Instance with encryption keys
      - Configure the three encryption env vars and restart.
- Pick a couple of representative integrations (e.g., Email SMTP +
Twilio SMS).
      - Legacy channel check:
- Use existing records created before enabling keys. Trigger their
workflow (send an email / SMS, or hit the
            webhook) to ensure they still authenticate.
- Inspect the raw column—value remains plaintext until changed.
      - Update legacy channel:
- Edit one legacy channel’s credential (e.g., change SMTP password).
- Verify the operation still works and the stored value is now encrypted
(raw column differs, accessor returns
            original).
      - New channel creation:
- Create a new channel of the same type; confirm functionality and that
the stored credential is encrypted from
            the start.

---------

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
2025-10-13 18:05:12 +05:30
..
actions fix: Disable enqueueing Avatar jobs if the URL is invalid (#12035) 2025-07-24 12:56:39 +04:00
assets feat: Hide installation identifier (#11722) 2025-06-17 15:45:40 -07:00
builders fix: Rendering on email without html content (#12561) 2025-10-01 13:43:05 +05:30
channels fix: Move contact events to account stream rather than individual user stream (#11082) 2025-03-13 17:46:48 -07:00
controllers feat: Add relay state for SAML SSO (#12597) 2025-10-07 20:32:29 +05:30
dashboards feat: Auto confirm user email when super admin make changes (#12418) 2025-09-23 20:14:02 +05:30
dispatchers feat(ee): Add Captain features (#10665) 2025-01-14 16:15:47 -08:00
drops feat: Add the support for custom attributes in message variables (#8511) 2023-12-08 14:13:35 -08:00
fields chore: improve plan-based feature handling with plan hierarchy (#11335) 2025-04-28 14:13:56 -07:00
finders feat: add SKIP_INCOMING_BCC_PROCESSING as internal config (#12484) 2025-09-22 17:52:56 +05:30
helpers fix: Add URL validation and rate limiting for contact avatar sync (#11979) 2025-09-10 20:08:06 +05:30
javascript chore: add script to throttle bulkreindex job creation and increase meta timeouts(#12626) 2025-10-13 16:21:45 +05:30
jobs feat: Open conversation when agent bot webhook fails (#12379) 2025-10-13 15:59:59 +05:30
listeners fix: incorrect first response time for reopened conversations (#12058) 2025-08-13 16:39:43 +05:30
mailboxes fix: Use .find_by instead .where().first (#12402) 2025-09-10 10:08:37 +05:30
mailers feat: Clean up email configuration for from and reply to emails (#12453) 2025-09-24 11:36:53 -07:00
models feat: Secure external credentials with database encryption (#12648) 2025-10-13 18:05:12 +05:30
policies feat: Add WhatsApp health monitoring and self-service registration completion (#12556) 2025-10-02 11:25:48 +05:30
presenters fix: Disable automations on auto-reply emails (#12101) 2025-08-05 13:17:06 +05:30
services fix: Duplicate contacts creating for Argentina numbers (#11173) 2025-10-13 11:07:07 +05:30
views perf: Contact optimisation fixes (#12016) 2025-09-25 18:59:55 +05:30
workers feat: API Endpoints to update message status (#11387) 2025-04-29 15:33:11 -07:00