fix(docker-watcher): phase 8 security fixes

Remove webhook secret from logs and API response. Add auth-pending note to router. Fix decrypt fallback that would use ciphertext as auth token on decrypt failure.
2026-03-27 22:10:00 +03:00
parent 97d4243cfe
commit 757c72eea1
22 changed files with 1312 additions and 10 deletions
@@ -82,7 +82,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("ensure webhook secret: %v", err)
 	}
-	log.Printf("Webhook secret: %s", secret)
+	log.Printf("Webhook secret configured (use /api/settings/webhook-url to retrieve)")

 	// Initialize registry poller.
 	poller := registry.NewPoller(db, dep, encKey)