From 3762b3ec2fd50d7881a736c3845d4021db61e93f Mon Sep 17 00:00:00 2001
From: Grant Linville <grant@acorn.io>
Date: Fri, 21 Feb 2025 14:05:54 -0500
Subject: [PATCH] fix: database cred helper: crash if encryption config file is
 missing

Signed-off-by: Grant Linville <grant@acorn.io>
---
 credential-stores/pkg/common/encryption.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/credential-stores/pkg/common/encryption.go b/credential-stores/pkg/common/encryption.go
index 69c948081..36efd6ad5 100644
--- a/credential-stores/pkg/common/encryption.go
+++ b/credential-stores/pkg/common/encryption.go
@@ -13,7 +13,9 @@ import (
 
 func readEncryptionConfig(ctx context.Context) (*encryptionconfig.EncryptionConfiguration, error) {
 	encryptionConfigPath := os.Getenv("GPTSCRIPT_ENCRYPTION_CONFIG_FILE")
+	var useDefault bool
 	if encryptionConfigPath == "" {
+		useDefault = true
 		var err error
 		if encryptionConfigPath, err = xdg.ConfigFile("gptscript/encryptionconfig.yaml"); err != nil {
 			return nil, fmt.Errorf("failed to read encryption config from standard location: %w", err)
@@ -22,7 +24,11 @@ func readEncryptionConfig(ctx context.Context) (*encryptionconfig.EncryptionConf
 
 	if _, err := os.Stat(encryptionConfigPath); err != nil {
 		if os.IsNotExist(err) {
-			return nil, nil
+			if useDefault {
+				fmt.Println("WARNING: credentials will be stored unencrypted")
+				return nil, nil
+			}
+			return nil, fmt.Errorf("encryption config file does not exist: %w", err)
 		}
 		return nil, fmt.Errorf("failed to stat encryption config file: %w", err)
 	}