sync: Main sync

Makefile

@@ -2,7 +2,7 @@
 
 all: fetch-all-env build
 
-TARGET_BRANCH?=main
+TARGET_BRANCH?=develop
 TAG?=$(shell bash -c 'git log --pretty=format:'%h' -n 1')
 FLAGS=
 ENVVAR=

env_gen.md

@@ -188,6 +188,7 @@
  | ENABLE_ASYNC_ARGO_CD_INSTALL_DEVTRON_CHART | bool |false | To enable async installation of gitops application |  | false |
  | ENABLE_ASYNC_INSTALL_DEVTRON_CHART | bool |false | To enable async installation of no-gitops application |  | false |
  | ENABLE_LINKED_CI_ARTIFACT_COPY | bool |false | Enable copying artifacts from parent CI pipeline to linked CI pipeline during creation |  | false |
+ | ENABLE_PASSWORD_ENCRYPTION | bool |true | enable password encryption |  | false |
  | EPHEMERAL_SERVER_VERSION_REGEX | string |v[1-9]\.\b(2[3-9]\|[3-9][0-9])\b.* | ephemeral containers support version regex that is compared with k8sServerVersion |  | false |
  | EVENT_URL | string |http://localhost:3000/notify | Notifier service url |  | false |
  | EXECUTE_WIRE_NIL_CHECKER | bool |false | checks for any nil pointer in wire.go |  | false |

go.mod

@@ -338,7 +338,7 @@ require (
 replace (
 	github.com/argoproj/argo-workflows/v3 v3.5.13 => github.com/devtron-labs/argo-workflows/v3 v3.5.13
 	github.com/cyphar/filepath-securejoin v0.4.1 => github.com/cyphar/filepath-securejoin v0.3.6 // indirect
-	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251027071349-2031d8107953
-	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251027071349-2031d8107953
+	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7
+	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1
 )

go.sum

@@ -237,10 +237,10 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13 h1:3pINq0gXOSeTw2z/vYe+j80lRpSN5Rp/8mfQORh8SmU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13/go.mod h1:/vqxcovDPT4zqr4DjR5v7CF8ggpY1l3TSa2CIG3jmjA=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251027071349-2031d8107953 h1:LE08yoM+m/HgSXr8/aLwWUr0S6FBmC/853qpkZtrrkY=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251027071349-2031d8107953/go.mod h1:9LCkYfiWaEKIBkmxw9jX1GujvEMyHwmDtVsatffAkeU=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251027071349-2031d8107953 h1:gKhFrhn+XVAunhJdZHrpQF6Q6HR81kux1ugqlcsyJRA=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251027071349-2031d8107953/go.mod h1:BPvuxIUW9TNYZ3+9r39nMzeORMcLqTwNkakirqp9AzU=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7 h1:YkFQOE+l+ei//+HesxWQV1bxUr2tNNZSN31DkDFbtts=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7/go.mod h1:9LCkYfiWaEKIBkmxw9jX1GujvEMyHwmDtVsatffAkeU=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7 h1:IsgreAJRCpycvA7of0j0VZa9nXWXKOiTzDrH92149Zc=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7/go.mod h1:+CUhxuWB8uMYIoiXwofuLIXPyiNnwmoZlH90KWAE5Ew=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta/go.mod h1:GnuiCesvh8xyHeMCb+twm8lBR/kQzJYSKL28ZfObp1Y=
 github.com/devtron-labs/protos v0.0.3-0.20250323220609-ecf8a0f7305e h1:U6UdYbW8a7xn5IzFPd8cywjVVPfutGJCudjePAfL/Hs=

internal/sql/repository/GitOpsConfigRepository.go

@@ -19,6 +19,7 @@ package repository
 import (
 	"github.com/devtron-labs/common-lib/securestore"
 	"github.com/devtron-labs/devtron/pkg/sql"
+	globalUtil "github.com/devtron-labs/devtron/util"
 	"github.com/go-pg/pg"
 	"go.uber.org/zap"
 )
@@ -37,8 +38,9 @@ type GitOpsConfigRepository interface {
 }
 
 type GitOpsConfigRepositoryImpl struct {
-	dbConnection *pg.DB
-	logger       *zap.SugaredLogger
+	dbConnection       *pg.DB
+	logger             *zap.SugaredLogger
+	GlobalEnvVariables *globalUtil.GlobalEnvVariables
 }
 
 type GitOpsConfig struct {
@@ -63,8 +65,8 @@ type GitOpsConfig struct {
 	sql.AuditLog
 }
 
-func NewGitOpsConfigRepositoryImpl(logger *zap.SugaredLogger, dbConnection *pg.DB) *GitOpsConfigRepositoryImpl {
-	return &GitOpsConfigRepositoryImpl{dbConnection: dbConnection, logger: logger}
+func NewGitOpsConfigRepositoryImpl(logger *zap.SugaredLogger, dbConnection *pg.DB, variables *globalUtil.EnvironmentVariables) *GitOpsConfigRepositoryImpl {
+	return &GitOpsConfigRepositoryImpl{dbConnection: dbConnection, logger: logger, GlobalEnvVariables: variables.GlobalEnvVariables}
 }
 
 func (impl *GitOpsConfigRepositoryImpl) GetConnection() *pg.DB {
@@ -73,9 +75,11 @@ func (impl *GitOpsConfigRepositoryImpl) GetConnection() *pg.DB {
 
 func (impl *GitOpsConfigRepositoryImpl) CreateGitOpsConfig(model *GitOpsConfig, tx *pg.Tx) (*GitOpsConfig, error) {
 	var err error
-	model.Token, err = securestore.EncryptString(model.Token.String())
-	if err != nil {
-		return model, err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		model.Token, err = securestore.EncryptString(model.Token.String())
+		if err != nil {
+			return model, err
+		}
 	}
 	err = tx.Insert(model)
 	if err != nil {
@@ -85,9 +89,11 @@ func (impl *GitOpsConfigRepositoryImpl) CreateGitOpsConfig(model *GitOpsConfig,
 	return model, nil
 }
 func (impl *GitOpsConfigRepositoryImpl) UpdateGitOpsConfig(model *GitOpsConfig, tx *pg.Tx) (err error) {
-	model.Token, err = securestore.EncryptString(model.Token.String())
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		model.Token, err = securestore.EncryptString(model.Token.String())
+		if err != nil {
+			return err
+		}
 	}
 	err = tx.Update(model)
 	if err != nil {

internal/sql/repository/dockerRegistry/DockerArtifactStoreRepository.go

@@ -99,27 +99,30 @@ type DockerArtifactStoreRepository interface {
 	FindInactive(storeId string) (bool, error)
 }
 type DockerArtifactStoreRepositoryImpl struct {
-	dbConnection *pg.DB
+	dbConnection       *pg.DB
+	GlobalEnvVariables *util.GlobalEnvVariables
 }
 
-func NewDockerArtifactStoreRepositoryImpl(dbConnection *pg.DB) *DockerArtifactStoreRepositoryImpl {
-	return &DockerArtifactStoreRepositoryImpl{dbConnection: dbConnection}
+func NewDockerArtifactStoreRepositoryImpl(dbConnection *pg.DB, environmentVariables *util.EnvironmentVariables) *DockerArtifactStoreRepositoryImpl {
+	return &DockerArtifactStoreRepositoryImpl{dbConnection: dbConnection, GlobalEnvVariables: environmentVariables.GlobalEnvVariables}
 }
 
 func (impl DockerArtifactStoreRepositoryImpl) GetConnection() *pg.DB {
 	return impl.dbConnection
 }
 
 func (impl DockerArtifactStoreRepositoryImpl) Save(artifactStore *DockerArtifactStore, tx *pg.Tx) (err error) {
-	artifactStore.Password, err = securestore.EncryptString(artifactStore.Password.String())
-	if err != nil {
-		return err
-	}
-	artifactStore.AWSSecretAccessKey, err = securestore.EncryptString(artifactStore.AWSSecretAccessKey.String())
-	if err != nil {
-		return err
-	}
 
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		artifactStore.Password, err = securestore.EncryptString(artifactStore.Password.String())
+		if err != nil {
+			return err
+		}
+		artifactStore.AWSSecretAccessKey, err = securestore.EncryptString(artifactStore.AWSSecretAccessKey.String())
+		if err != nil {
+			return err
+		}
+	}
 	if util.IsBaseStack() {
 		return tx.Insert(artifactStore)
 	}
@@ -246,13 +249,15 @@ func (impl DockerArtifactStoreRepositoryImpl) FindOneInactive(storeId string) (*
 }
 
 func (impl DockerArtifactStoreRepositoryImpl) Update(artifactStore *DockerArtifactStore, tx *pg.Tx) (err error) {
-	artifactStore.Password, err = securestore.EncryptString(artifactStore.Password.String())
-	if err != nil {
-		return err
-	}
-	artifactStore.AWSSecretAccessKey, err = securestore.EncryptString(artifactStore.AWSSecretAccessKey.String())
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		artifactStore.Password, err = securestore.EncryptString(artifactStore.Password.String())
+		if err != nil {
+			return err
+		}
+		artifactStore.AWSSecretAccessKey, err = securestore.EncryptString(artifactStore.AWSSecretAccessKey.String())
+		if err != nil {
+			return err
+		}
 	}
 	//TODO check for unique default
 	//there can be only one default

pkg/build/git/gitProvider/repository/GitProviderRepository.go

@@ -20,6 +20,7 @@ import (
 	"github.com/devtron-labs/common-lib/securestore"
 	"github.com/devtron-labs/devtron/internal/sql/constants"
 	"github.com/devtron-labs/devtron/pkg/sql"
+	globalUtil "github.com/devtron-labs/devtron/util"
 	"github.com/go-pg/pg"
 )
 
@@ -56,15 +57,16 @@ type GitProviderRepository interface {
 }
 
 type GitProviderRepositoryImpl struct {
-	dbConnection *pg.DB
+	GlobalEnvVariables *globalUtil.GlobalEnvVariables
+	dbConnection       *pg.DB
 }
 
-func NewGitProviderRepositoryImpl(dbConnection *pg.DB) *GitProviderRepositoryImpl {
-	return &GitProviderRepositoryImpl{dbConnection: dbConnection}
+func NewGitProviderRepositoryImpl(dbConnection *pg.DB, envVariables *globalUtil.EnvironmentVariables) *GitProviderRepositoryImpl {
+	return &GitProviderRepositoryImpl{dbConnection: dbConnection, GlobalEnvVariables: envVariables.GlobalEnvVariables}
 }
 
 func (impl GitProviderRepositoryImpl) Save(gitProvider *GitProvider) error {
-	err := encryptFieldsInGitProvider(gitProvider)
+	err := impl.encryptFieldsInGitProvider(gitProvider)
 	if err != nil {
 		return err
 	}
@@ -120,7 +122,7 @@ func (impl GitProviderRepositoryImpl) FindByUrl(providerUrl string) (GitProvider
 }
 
 func (impl GitProviderRepositoryImpl) Update(gitProvider *GitProvider) error {
-	err := encryptFieldsInGitProvider(gitProvider)
+	err := impl.encryptFieldsInGitProvider(gitProvider)
 	if err != nil {
 		return err
 	}
@@ -133,19 +135,21 @@ func (impl GitProviderRepositoryImpl) MarkProviderDeleted(gitProvider *GitProvid
 	return impl.dbConnection.Update(gitProvider)
 }
 
-func encryptFieldsInGitProvider(gitProvider *GitProvider) error {
+func (impl GitProviderRepositoryImpl) encryptFieldsInGitProvider(gitProvider *GitProvider) error {
 	var err error
-	gitProvider.Password, err = securestore.EncryptString(gitProvider.Password.String())
-	if err != nil {
-		return err
-	}
-	gitProvider.AccessToken, err = securestore.EncryptString(gitProvider.AccessToken.String())
-	if err != nil {
-		return err
-	}
-	gitProvider.SshPrivateKey, err = securestore.EncryptString(gitProvider.SshPrivateKey.String())
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		gitProvider.Password, err = securestore.EncryptString(gitProvider.Password.String())
+		if err != nil {
+			return err
+		}
+		gitProvider.AccessToken, err = securestore.EncryptString(gitProvider.AccessToken.String())
+		if err != nil {
+			return err
+		}
+		gitProvider.SshPrivateKey, err = securestore.EncryptString(gitProvider.SshPrivateKey.String())
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }

pkg/cluster/repository/ClusterRepository.go

@@ -19,6 +19,7 @@ package repository
 import (
 	"github.com/devtron-labs/common-lib/securestore"
 	"github.com/devtron-labs/devtron/pkg/sql"
+	globalUtil "github.com/devtron-labs/devtron/util"
 	"github.com/go-pg/pg"
 	"go.uber.org/zap"
 	"time"
@@ -74,22 +75,26 @@ type ClusterRepository interface {
 	FindByClusterURL(clusterURL string) (*Cluster, error)
 }
 
-func NewClusterRepositoryImpl(dbConnection *pg.DB, logger *zap.SugaredLogger) *ClusterRepositoryImpl {
+func NewClusterRepositoryImpl(dbConnection *pg.DB, logger *zap.SugaredLogger, variables *globalUtil.EnvironmentVariables) *ClusterRepositoryImpl {
 	return &ClusterRepositoryImpl{
-		dbConnection: dbConnection,
-		logger:       logger,
+		dbConnection:       dbConnection,
+		logger:             logger,
+		GlobalEnvVariables: variables.GlobalEnvVariables,
 	}
 }
 
 type ClusterRepositoryImpl struct {
-	dbConnection *pg.DB
-	logger       *zap.SugaredLogger
+	dbConnection       *pg.DB
+	logger             *zap.SugaredLogger
+	GlobalEnvVariables *globalUtil.GlobalEnvVariables
 }
 
 func (impl ClusterRepositoryImpl) Save(model *Cluster) (err error) {
-	model.Config, err = securestore.EncryptMap(model.Config)
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		model.Config, err = securestore.EncryptMap(model.Config)
+		if err != nil {
+			return err
+		}
 	}
 	return impl.dbConnection.Insert(model)
 }
@@ -106,9 +111,11 @@ func (impl ClusterRepositoryImpl) FindOne(clusterName string) (*Cluster, error)
 }
 func (impl ClusterRepositoryImpl) SaveAll(models []*Cluster) (err error) {
 	for i := range models {
-		models[i].Config, err = securestore.EncryptMap(models[i].Config)
-		if err != nil {
-			return err
+		if impl.GlobalEnvVariables.EnablePasswordEncryption {
+			models[i].Config, err = securestore.EncryptMap(models[i].Config)
+			if err != nil {
+				return err
+			}
 		}
 	}
 	return impl.dbConnection.Insert(models)
@@ -191,9 +198,11 @@ func (impl ClusterRepositoryImpl) FindByIds(id []int) ([]Cluster, error) {
 }
 
 func (impl ClusterRepositoryImpl) Update(model *Cluster) (err error) {
-	model.Config, err = securestore.EncryptMap(model.Config)
-	if err != nil {
-		return err
+	if impl.GlobalEnvVariables.EnablePasswordEncryption {
+		model.Config, err = securestore.EncryptMap(model.Config)
+		if err != nil {
+			return err
+		}
 	}
 	return impl.dbConnection.Update(model)
 }

util/GlobalConfig.go

@@ -67,6 +67,7 @@ type GlobalEnvVariables struct {
 	IsAirGapEnvironment               bool `json:"isAirGapEnvironment" env:"IS_AIR_GAP_ENVIRONMENT" envDefault:"false"`
 	EnableLinkedCiArtifactCopy        bool `env:"ENABLE_LINKED_CI_ARTIFACT_COPY" envDefault:"false" description:"Enable copying artifacts from parent CI pipeline to linked CI pipeline during creation"`
 	LinkedCiArtifactCopyLimit         int  `env:"LINKED_CI_ARTIFACT_COPY_LIMIT" envDefault:"10" description:"Maximum number of artifacts to copy from parent CI pipeline to linked CI pipeline"`
+	EnablePasswordEncryption          bool `env:"ENABLE_PASSWORD_ENCRYPTION" envDefault:"true" description:"enable password encryption"`
 }
 
 type GlobalClusterConfig struct {

vendor/modules.txt

@@ -523,15 +523,15 @@ github.com/davecgh/go-spew/spew
 # github.com/deckarep/golang-set v1.8.0
 ## explicit; go 1.17
 github.com/deckarep/golang-set
-# github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8 => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251027071349-2031d8107953
+# github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8 => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7
 ## explicit; go 1.24.0
 github.com/devtron-labs/authenticator/apiToken
 github.com/devtron-labs/authenticator/client
 github.com/devtron-labs/authenticator/jwt
 github.com/devtron-labs/authenticator/middleware
 github.com/devtron-labs/authenticator/oidc
 github.com/devtron-labs/authenticator/password
-# github.com/devtron-labs/common-lib v0.18.1-0.20241001061923-eda545dc839e => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251027071349-2031d8107953
+# github.com/devtron-labs/common-lib v0.18.1-0.20241001061923-eda545dc839e => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7
 ## explicit; go 1.24.0
 github.com/devtron-labs/common-lib/async
 github.com/devtron-labs/common-lib/blob-storage
@@ -2673,5 +2673,5 @@ xorm.io/xorm/log
 xorm.io/xorm/names
 xorm.io/xorm/schemas
 xorm.io/xorm/tags
-# github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251027071349-2031d8107953
-# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251027071349-2031d8107953
+# github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20251104083107-f40094ec69d7
+# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20251104083107-f40094ec69d7