Skip to content

fix: include type field in encrypted set-default values#82

Merged
jkebinger merged 2 commits intomainfrom
fix-encrypted-value-type
Dec 3, 2025
Merged

fix: include type field in encrypted set-default values#82
jkebinger merged 2 commits intomainfrom
fix-encrypted-value-type

Conversation

@jkebinger
Copy link
Contributor

@jkebinger jkebinger commented Dec 3, 2025

Summary

Fixes a bug where set-default --secret was not sending the type field and was using the wrong field name for encrypted values, causing the value to not be properly sent to the server.

Problem

When setting encrypted values using reforge set-default --secret, the API payload was malformed:

  • Missing the required type field
  • Using string as the field name instead of value

This caused encrypted values to fail when sent to the /internal/ops/v1/set-default endpoint.

Solution

  1. encryption.ts:209 - Changed field name from string to value
  2. set-default.ts:255-258 - Added type: 'string' field to encrypted values
  3. Test validation - Added mock handler validation to ensure encrypted values have correct structure
  4. Version bump - 0.0.11 → 0.0.12

Payload Comparison

Before (Incorrect) ❌

{
  "configKey": "test.secret",
  "currentVersionId": 1,
  "environmentId": 5,
  "value": {
    "string": "encrypted-data--iv--tag",
    "confidential": true,
    "decryptWith": "reforge.secrets.encryption.key"
  }
}

After (Correct) ✅

{
  "configKey": "test.secret",
  "currentVersionId": 1,
  "environmentId": 5,
  "value": {
    "type": "string",
    "value": "encrypted-data--iv--tag",
    "confidential": true,
    "decryptWith": "reforge.secrets.encryption.key"
  }
}

Files Changed

  • src/util/encryption.ts - Fixed encrypted value field name
  • src/commands/set-default.ts - Added type field to encrypted values
  • test/responses/set-default.ts - Added validation for encrypted value structure
  • package.json - Version bump to 0.0.12

Test Plan

The existing test at test/commands/set-default.test.ts:100-105 validates encrypted value creation. With the added mock handler validation, this test would fail before the fix and passes after.

🤖 Generated with Claude Code

jkebinger and others added 2 commits December 3, 2025 14:16
@jkebinger @claude
fix: include type field in encrypted set-default values
4f24992 
When using `set-default --secret`, encrypted values were missing the
required `type` field in the API payload, causing the value and type
to not be sent to the server.

Changes:
- Fix encryption.ts to use `value` field instead of `string`
- Add `type: 'string'` to encrypted values in set-default.ts
- Add test validation for encrypted value structure
- Bump version to 0.0.12

Before (incorrect payload):
```json
{
  "value": {
    "string": "encrypted-data",
    "confidential": true,
    "decryptWith": "reforge.secrets.encryption.key"
  }
}
```

After (correct payload):
```json
{
  "value": {
    "type": "string",
    "value": "encrypted-data",
    "confidential": true,
    "decryptWith": "reforge.secrets.encryption.key"
  }
}
```

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@jkebinger
Regenerate readme
ab117bd
@jkebinger jkebinger enabled auto-merge (squash) December 3, 2025 20:31
jdwyah
jdwyah approved these changes Dec 3, 2025
View reviewed changes
Copy link
Contributor

@jdwyah jdwyah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks

@jkebinger jkebinger merged commit 16a4406 into main Dec 3, 2025
6 checks passed
@jkebinger jkebinger deleted the fix-encrypted-value-type branch December 3, 2025 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdwyah jdwyah jdwyah approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jkebinger @jdwyah