Add encryption key management feature with key rotation #2
✨ Overview
This PR introduces a secure and fully functional encryption key management system to the Password Manager.
It allows users to change or rotate their master encryption key while keeping all their stored passwords safe — automatically re-encrypting them with the new key behind the scenes.
🧠 Why This Matters
Security-focused applications like a password manager must allow users to:
- Periodically rotate encryption keys for better protection.
- Recover from compromised keys without losing data.
- Have a transparent and automated process for key updates.
This feature directly strengthens the project’s real-world security and user control, aligning perfectly with best practices for encrypted data storage.
⚙️ Technical Details
- Added a new module: key_manager.py
  - Handles key generation, loading, and rotation.
  - Securely stores the current key in a local master.key file.
  - Provides a method change_key(old_key, new_key, data_list) to re-encrypt all stored password entries.
- Integrated with the existing encryption flow to ensure seamless backward compatibility.
- Added error handling for missing or invalid keys.
- Updated README.md with clear usage instructions and security notes.
🧩 Example Usage
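```python
from key_manager import KeyManager

manager = KeyManager()
new_key = manager.generate_key()
# data_list holds the stored password entries, encrypted under manager.key
updated_data = manager.change_key(manager.key, new_key, data_list)
# save_passwords is not defined in this snippet
save_passwords(updated_data)
```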
🧾 Summary of Changes
✅ Implemented full encryption key lifecycle (generate, load, rotate)
✅ Automatic re-encryption of stored data on key change
✅ Safe file-based key persistence (master.key)
✅ Backward compatible with existing encryption code
✅ Updated documentation and inline code comments
🛡️ Benefits
🔒 Stronger user data protection
🔁 Enables secure key rotation and recovery
⚡ Improves code modularity with clear separation of encryption logic
🧰 Lays foundation for future features (e.g., user-defined passphrase, cloud backup encryption)
🙌 Closing Thoughts
This feature makes the Password Manager more secure, maintainable, and production-ready.
It’s a clean, non-breaking addition that enhances the app’s reliability and long-term usability.
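
One way to make the rotation described above all-or-nothing, as an added example that is not the PR's code. It assumes entries are Fernet tokens from the `cryptography` package (the page does not name the cipher) and a POSIX file system; `rotate_entries`, `write_private`, `rotate`, the `save` callback and the `.new` staging file are hypothetical names.

```python
import os
from cryptography.fernet import Fernet, InvalidToken  # assumed cipher, see lead-in

def rotate_entries(old_key, new_key, entries):
    """Re-encrypt every token under new_key, or raise without returning anything."""
    old, new = Fernet(old_key), Fernet(new_key)
    rotated = []
    for i, token in enumerate(entries):
        try:
            plaintext = old.decrypt(token)  # verifies the HMAC before decrypting
        except InvalidToken:
            raise ValueError(f"entry {i} is not valid under the old key") from None
        rotated.append(new.encrypt(plaintext))
    return rotated

def write_private(path, data):
    """Create path with mode 0600; refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
        fh.flush()
        os.fsync(fh.fileno())

def rotate(key_path, entries, save):
    """Rotate the key in key_path; save(rotated) persists the entries."""
    with open(key_path, "rb") as fh:
        old_key = fh.read().strip()
    new_key = Fernet.generate_key()
    rotated = rotate_entries(old_key, new_key, entries)  # fails before any write
    staged = key_path + ".new"
    write_private(staged, new_key)  # new key is on disk before the data changes
    save(rotated)                   # if this raises, both key files remain
    os.replace(staged, key_path)    # atomic promotion of the new key
    return rotated
```

A leftover `.new` file means an earlier rotation stopped partway, so `write_private` refuses to overwrite it: it may hold the only key for the data already saved.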