Wahyu Syahputra - Platform Engineer & Content Creator

This was a follow-up I had already hinted at earlier in this previous build log…

In this commit, I added encryption for SSH private keys so they no longer appear as plain text in the database.

This was something I realized right after building the SSH key CRUD flow. Functionally, that feature was already working, but from a security perspective it still felt incomplete. Since this project is a PaaS, storing user SSH private keys as plain text is just not a good place to stop.

So this change was really about closing that gap.

Now the database no longer shows the SSH private key in raw form, which feels much more aligned with the kind of security baseline I want for this project. It does not magically solve every security concern of course… but it is an important improvement because user infrastructure credentials should be treated as sensitive data from the start, not as an afterthought.

One thing I like about writing these build logs is that they make missing pieces easier to notice. In this case, documenting the previous SSH key work made me realize, “wait… I still have not encrypted the private keys yet.” So this commit was basically me fixing that omission before moving further.