From 899d3293bcfd2ff6a8e28dba7b8bbf4703b7d3d7 Mon Sep 17 00:00:00 2001
From: Atanas Janeshliev <atanas.janeshliev@proton.ch>
Date: Tue, 18 Mar 2025 12:20:21 +0100
Subject: [PATCH] feat(BRIDGE-324): added a log entry for the vault key hash

---
 internal/app/vault.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/internal/app/vault.go b/internal/app/vault.go
index e72e1bb4..5f69e953 100644
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@@ -18,6 +18,8 @@
 package app
 
 import (
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"path"
 
@@ -89,6 +91,7 @@ func newVault(reporter *sentry.Reporter, locations *locations.Locations, keychai
 		vaultDir = path.Join(vaultDir, "insecure")
 	} else {
 		vaultKey = key
+		logHashedVaultKey(vaultKey) // Log a hash of the vault key.
 	}
 
 	gluonCacheDir, err := locations.ProvideGluonCachePath()
@@ -127,3 +130,9 @@ func loadVaultKey(vaultDir string, keychains *keychain.List) ([]byte, error) {
 
 	return key, nil
 }
+
+// logHashedVaultKey - computes a sha256 hash and encodes it to base 64. The resulting string is logged.
+func logHashedVaultKey(vaultKey []byte) {
+	hashedKey := sha256.Sum256(vaultKey)
+	logrus.WithField("hashedKey", hex.EncodeToString(hashedKey[:])).Info("Found vault key")
+}