Feature: Admin Page to Track Encrypted Fields Using Legacy Keys
Summary:
Build an admin dashboard route to inspect and flag database records still using secondary (legacy) encryption keys.
Motivation:
After rotating to new encryption keys, it's important to identify which records still rely on older keys so they can be prioritized for re-encryption or alerting.
Scope:
- Add a utility to track which records decrypt using secondary keys
- Create a page accessible to authenticated admin users
- Include filters, summary stats, and optional export to CSV
Future Enhancements:
- Inline re-encryption from the admin UI
- Audit trail of encryption key history
Related: scripts/keyrotate.py CLI already supports programmatic rotation
Feature: Admin Page to Track Encrypted Fields Using Legacy Keys
Summary:
Build an admin dashboard route to inspect and flag database records still using secondary (legacy) encryption keys.
Motivation:
After rotating to new encryption keys, it's important to identify which records still rely on older keys so they can be prioritized for re-encryption or alerting.
Scope:
Future Enhancements:
Related:
scripts/keyrotate.pyCLI already supports programmatic rotation