yourfavDev
diff --git a/‎Cargo.lock‎
Lines changed: 116 additions & 2 deletions b/‎Cargo.lock‎
Lines changed: 116 additions & 2 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 3 additions & 0 deletions b/‎Cargo.toml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 3 additions & 2 deletions b/‎README.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎encryption.sh‎
Lines changed: 21 additions & 0 deletions b/‎encryption.sh‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎src/main.rs‎
Lines changed: 1 addition & 1 deletion b/‎src/main.rs‎
Lines changed: 1 addition & 1 deletion
@@ -20,3 +20,6 @@ openssl = { version = "0.10", features = ["vendored"] }
 chrono = "0.4.40"
 jsonwebtoken = "9.3.1"
 log = "0.4.27"
+rand_core = "0.9.3"
+aes-gcm   = "0.10"   # AES-GCM (AEAD) implementation
+aead      = "0.5"    # traits for Aead, KeyInit, etc.
@@ -47,8 +47,9 @@ With its advanced real‑time update capabilities, DynaRust pushes live changes
     - **Enforcement:** All `PUT` and `DELETE` operations require an `Authorization` header. The server verifies that the requester matches the record’s owner.
 
 - **Cluster Security:**
-  - Each node should have a JWT_SECRET set, without this env var the node won't even start
-      - Each node must present a **secret token** (set via the `CLUSTER_SECRET` environment variable) to join the cluster, ensuring only trusted nodes participate.
+  - At compile time a SHA256 encryption key is embeded in the compiled binary (if that changes somehow in the future (recompile binary with different key) you won't be able to load the table, steps to properly compile are: run bash encryption.sh && cargo build --release and distribute only the binary under target/release/ to your nodes);
+    - Each node should have a JWT_SECRET set, without this env var the node won't even start
+        - Each node must present a **secret token** (set via the `CLUSTER_SECRET` environment variable) to join the cluster, ensuring only trusted nodes participate.
 
 - **Transport Security (HTTPS):**
     - **Easy Certificate Generation:**
 
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+KEY_FILE="encryption.key"
+KEY_SIZE=32  # 32 bytes = 256 bits
+
+if [[ -e "$KEY_FILE" ]]; then
+  echo "Error: $KEY_FILE already exists. Remove or rename it and retry."
+  exit 1
+fi
+
+# Method 1: Using /dev/urandom
+head -c "$KEY_SIZE" /dev/urandom > "$KEY_FILE"
+
+# Alternatively, with OpenSSL:
+# openssl rand -out "$KEY_FILE" "$KEY_SIZE"
+
+# Restrict file perms so only the owner can read/write
+chmod 600 "$KEY_FILE"
+
+echo "Generated a $KEY_SIZE-byte key at $KEY_FILE (permissions 600)."
@@ -163,7 +163,7 @@ async fn main() -> std::io::Result<()> {
     }
 
     // Spawn the periodic cold save task.
-    tokio::spawn(cold_save(state.clone(), 30));
+    tokio::spawn(cold_save(state.clone(), 5));
 
     // Initialize cluster data with dynamic membership.
     let mut initial_nodes = HashMap::new();
Original file line number	Diff line number	Diff line change
`@@ -163,7 +163,7 @@ async fn main() -> std::io::Result<()> {`
`163`	`163`	`}`
`164`	`164`
`165`	`165`	`// Spawn the periodic cold save task.`
`166`		`- tokio::spawn(cold_save(state.clone(), 30));`
	`166`	`+ tokio::spawn(cold_save(state.clone(), 5));`
`167`	`167`
`168`	`168`	`// Initialize cluster data with dynamic membership.`
`169`	`169`	`let mut initial_nodes = HashMap::new();`