[Hackathon] Add Config Option to Disable Password Encryption in DB

[rsdmike]

🔹 Overview

Currently, passwords in the database are always encrypted in device-management-toolkit. We need to introduce a configuration option that allows disabling encryption when storing passwords in the database.

🔹 Important: Encryption should remain enabled by default, and the export functionality (SerializeAndEncryptYAML) must not be affected.

🎯 Task Scope

• Step 1: Add a configuration option (e.g., DISABLE_DB_PASSWORD_ENCRYPTION) to enable/disable encryption.
• Step 2: Modify logic in the following files to respect this setting:
  • main.go → Load the config and pass it into the use cases.
  • internal/usecase/domains/usecase.go → Modify encryption logic.
  • internal/usecase/domains/devices.go → Update encryption checks for stored passwords.
  • internal/usecase/domains/wificonfigs.go → Apply config setting to Wi-Fi password storage.
  • internal/usecase/domains/ciraconfigs.go → Ensure encryption is conditionally applied.
  • internal/usecase/domains/profiles.go → Modify profiles to respect encryption setting.
• Step 3: Ensure that SerializeAndEncryptYAML remains untouched.
• Step 4: Implement unit tests to verify encryption is correctly toggled based on config.
• Step 5: Update documentation to reflect the new configuration option.

📂 Relevant Files

• main.go
• internal/usecase/domains/usecase.go
• internal/usecase/domains/devices.go
• internal/usecase/domains/wificonfigs.go
• internal/usecase/domains/ciraconfigs.go
• internal/usecase/domains/profiles.go
• config/config.go

💻 Technical Details

• The configuration option should be environment-variable driven:

  DISABLE_DB_PASSWORD_ENCRYPTION=false  # Default: false (encryption enabled)
  

• When DISABLE_DB_PASSWORD_ENCRYPTION=true, passwords should be stored in plaintext instead of being encrypted.
• Ensure existing encryption remains the default if the config is not set.
• Unit tests should validate:
  • When the option is enabled, passwords are stored without encryption.
  • When disabled (default), passwords are still encrypted.

✅ Acceptance Criteria

[ ] A new config option controls password encryption in the database.
[ ] Encryption is enabled by default unless explicitly disabled.
[ ] All necessary files are updated to check this configuration.
[ ] Export functionality (SerializeAndEncryptYAML) remains encrypted.
[ ] Unit tests confirm correct encryption behavior.
[ ] A Pull Request (PR) is submitted with a summary of changes.

📎 Additional Notes

• Double-check that SerializeAndEncryptYAML is not modified.
• Follow existing patterns for config management in main.go.
• If encryption logic is shared across multiple files, consider centralizing logic for easier maintenance.