Merged
12 changes: 12 additions & 0 deletions docs/deployment/breaking-changes.md
Expand Up @@ -10,8 +10,20 @@ This table regroups all the breaking changes introduced, with the corresponding

| Change | Deprecated in | Changed in |
|:--------------------------------------|:--------------|:-----------|
| [OpenAEV encryption of secret](#openaev-encryption) | - | 2.1.0 |
| [OpenAEV renaming](#openaev-renaming) | 1.18.20 | 2.0.0 |

## OpenAEV 2.1.0

### Introduction

<a id="openaev-encryption"></a>
#### OpenAEV encryption

With the introduction of the OpenAEV catalog, built-in connectors now store their configuration in the database. To ensure security, secrets and passwords within these configurations must be encrypted. This requires two new mandatory properties to be configured.

For more details, see [this migration guide](breaking-changes/2.1.0-encrypting-password.md)

## OpenAEV 2.0.0

### Deprecation
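Review bot: The new "OpenAEV encryption" paragraph says the change "requires two new mandatory properties" but never names them, so a reader of this breaking-changes index has to open the migration guide to learn what to set before upgrading. Name `openaev.admin.encryption_key` and `openaev.admin.encryption_salt` in this paragraph. Two smaller points in the same block: the text says "OpenAEV catalog" while the migration guide added in this PR says "composer catalog", so pick one term, and the sentence ending in the migration guide link is missing its final period.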
16 changes: 16 additions & 0 deletions docs/deployment/breaking-changes/2.1.0-encrypting-password.md
@@ -0,0 +1,16 @@
# OpenAEV encryption

!!! info ""

* **Introduced in**: `OpenAEV 2.1.0`

## Description of changes

With the introduction of the composer catalog, built-in connectors are managed through the OpenAEV UI. Those connectors have their configuration saved in database.

For security reasons, the properties of type password need to be encrypted inside the database. This means that we need to introduce two new mandatory properties (as you can see here in the page dedicated to [configuration](../../configuration/#basic-parameters)) :

| Parameter | Environment variable | Default value | Description |
|:-----------------------------------|:-----------------------------------|:----------------------|:-------------------------------------------------------------------------------------------------------------------------|
| openaev.admin.encryption_key | OPENAEV_ADMIN_ENCRYPTION_KEY | ChangeMe | Encryption key used for encrypting sensitive data in database. Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose. |
| openaev.admin.encryption_salt | OPENAEV_ADMIN_ENCRYPTION_SALT | ChangeMe | Encryption salt used for encrypting sensitive data in database. Must be at least 8 bytes long. Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose |
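Review bot: In the parameter table both `openaev.admin.encryption_key` and `openaev.admin.encryption_salt` are documented with the default value `ChangeMe` while the paragraph above calls them mandatory, and `ChangeMe` is exactly 8 bytes, so the "Must be at least 8 bytes long" rule on the salt would not reject the placeholder. The guide should state whether the platform refuses to start when either value is left at `ChangeMe`, how an operator is expected to generate the two values, and what happens to secrets already stored in the database if the key or salt is changed later. As a migration guide, the page also lacks the upgrade step itself (set both properties before starting 2.1.0). Style: "256bit" should read "256-bit", and there is a stray space before the colon after the configuration link.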
2 changes: 2 additions & 0 deletions docs/deployment/configuration.md
Expand Up @@ -37,6 +37,8 @@ Here are the configuration keys, for both containers (environment variables) and
| openaev.admin.email | OPENAEV_ADMIN_EMAIL | [email protected] | Default login email of the admin user |
| openaev.admin.password | OPENAEV_ADMIN_PASSWORD | ChangeMe | Default password of the admin user |
| openaev.admin.token | OPENAEV_ADMIN_TOKEN | ChangeMe | Default token (must be a valid UUIDv4) |
| openaev.admin.encryption_key | OPENAEV_ADMIN_ENCRYPTION_KEY | ChangeMe | Encryption key used for encrypting sensitive data in database. Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose. |
| openaev.admin.encryption_salt | OPENAEV_ADMIN_ENCRYPTION_SALT | ChangeMe | Encryption salt used for encrypting sensitive data in database. Must be at least 8 bytes long. Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose |
| openaev.healthcheck.key | OPENAEV_HEALTHCHECK_KEY | ChangeMe | The key to use in the health check endpoint (/api/health) |
| inject.execution.threshold.minutes | INJECT_EXECUTION_THRESHOLD_MINUTES | 10 | Inject execution threshold in minutes. If this time is exceeded, the inject will be moved to the MAYBE_PREVENTED status. |
| openaev.starterpack.enabled | OPENAEV_STARTERPACK_ENABLED | true | StarterPack feature, providing default endpoint, asset group, scenarios and dashboards |
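Review bot: The two added rows for `openaev.admin.encryption_key` and `openaev.admin.encryption_salt` do not say that the properties are mandatory from 2.1.0, and placed among the other `ChangeMe` defaults they read as optional; add that to the descriptions and link the migration guide. The descriptions also leave open how the "256bit encryption key" is derived and whether the salt, being a single configured value, has to be kept as confidential as the key; naming the derivation function and stating the handling expectation would let operators store both correctly. The `encryption_salt` row is missing its closing period, and the same two rows are duplicated verbatim in the migration guide, so consider keeping the wording in one place to avoid drift.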
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -128,6 +128,7 @@ nav:
- Index: deployment/breaking-changes.md
- Migration guides:
- OpenAEV renaming: deployment/breaking-changes/2.0.0-openaev-renaming.md
- OpenAEV encryption: deployment/breaking-changes/2.1.0-encrypting-password.md
- User Guide:
- Getting started: usage/getting-started.md
- Foundations: