From f2be756cf403f7a3d574d35a3bdec78dc80e3f04 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Sat, 21 May 2022 13:25:32 +0100
Subject: [PATCH] feat: Improved error for community edition when database
 columns cannot be decrypted

---
 server/models/decorators/Encrypted.ts | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/server/models/decorators/Encrypted.ts b/server/models/decorators/Encrypted.ts
index 1b917bed9..a005c6a45 100644
--- a/server/models/decorators/Encrypted.ts
+++ b/server/models/decorators/Encrypted.ts
@@ -1,4 +1,5 @@
 import vaults from "@server/database/vaults";
+import Logger from "@server/logging/logger";
 
 const key = "sequelize:vault";
 
@@ -15,7 +16,19 @@ export default function Encrypted(target: any, propertyKey: string) {
  * Get the value of an encrypted column given the target and the property key.
  */
 export function getEncryptedColumn(target: any, propertyKey: string): string {
-  return Reflect.getMetadata(key, target, propertyKey).get.call(target);
+  try {
+    return Reflect.getMetadata(key, target, propertyKey).get.call(target);
+  } catch (err) {
+    if (err.message.includes("bad decrypt")) {
+      Logger.error(
+        `Failed to decrypt database column (${propertyKey}). The SECRET_KEY environment variable may have changed since installation.`,
+        err
+      );
+      process.exit(1);
+    }
+
+    throw err;
+  }
 }
 
 /**