release(secrets-mcp): 0.5.8 — 修复更换密码短语流程

- secrets-core: change_user_key() 事务内全量解密并重加密 secrets
- web: POST /api/key-change；已有密钥时拒绝 POST /api/key-setup（409）
- dashboard: 更换密码需当前密码，调用 key-change
- 同步 Cargo.lock

Cargo.lock

@@ -2066,7 +2066,7 @@ dependencies = [
 
 [[package]]
 name = "secrets-mcp"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "anyhow",
  "askama",

crates/secrets-core/src/service/user.rs

@@ -76,6 +76,52 @@ pub async fn find_or_create_user(pool: &PgPool, profile: OAuthProfile) -> Result
     Ok((user, true))
 }
 
+/// Re-encrypt all of a user's secrets from `old_key` to `new_key` and update the key metadata.
+///
+/// Runs entirely inside a single database transaction: if any secret fails to re-encrypt
+/// the whole operation is rolled back, leaving the database unchanged.
+pub async fn change_user_key(
+    pool: &PgPool,
+    user_id: Uuid,
+    old_key: &[u8; 32],
+    new_key: &[u8; 32],
+    new_salt: &[u8],
+    new_key_check: &[u8],
+    new_key_params: &Value,
+) -> Result<()> {
+    let mut tx = pool.begin().await?;
+
+    let secrets: Vec<(uuid::Uuid, Vec<u8>)> =
+        sqlx::query_as("SELECT id, encrypted FROM secrets WHERE user_id = $1 FOR UPDATE")
+            .bind(user_id)
+            .fetch_all(&mut *tx)
+            .await?;
+
+    for (id, encrypted) in &secrets {
+        let plaintext = crate::crypto::decrypt(old_key, encrypted)?;
+        let new_encrypted = crate::crypto::encrypt(new_key, &plaintext)?;
+        sqlx::query("UPDATE secrets SET encrypted = $1, updated_at = NOW() WHERE id = $2")
+            .bind(&new_encrypted)
+            .bind(id)
+            .execute(&mut *tx)
+            .await?;
+    }
+
+    sqlx::query(
+        "UPDATE users SET key_salt = $1, key_check = $2, key_params = $3, updated_at = NOW() \
+         WHERE id = $4",
+    )
+    .bind(new_salt)
+    .bind(new_key_check)
+    .bind(new_key_params)
+    .bind(user_id)
+    .execute(&mut *tx)
+    .await?;
+
+    tx.commit().await?;
+    Ok(())
+}
+
 /// Store the PBKDF2 salt, key_check, and params for a user's passphrase setup.
 pub async fn update_user_key_setup(
     pool: &PgPool,

crates/secrets-mcp/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "secrets-mcp"
-version = "0.5.7"
+version = "0.5.8"
 edition.workspace = true
 
 [[bin]]

crates/secrets-mcp/src/logging.rs

@@ -5,20 +5,24 @@ use axum::{
     extract::Request,
     http::{
         HeaderMap, Method, StatusCode,
-        header::{CONTENT_LENGTH, CONTENT_TYPE, USER_AGENT},
+        header::{AUTHORIZATION, CONTENT_LENGTH, CONTENT_TYPE, USER_AGENT},
     },
     middleware::Next,
     response::{IntoResponse, Response},
 };
 
+use crate::auth::AuthUser;
+
 /// Axum middleware that logs structured info for every HTTP request.
 ///
 /// All requests: method, path, status, latency_ms, client_ip, user_agent.
 /// POST /mcp requests: additionally parses JSON-RPC body for jsonrpc_method,
-/// tool_name, jsonrpc_id, mcp_session, batch_size.
+/// tool_name, jsonrpc_id, mcp_session, batch_size, tool_args (non-sensitive
+/// arguments only), plus masked auth_key / enc_key fingerprints and user_id
+/// for diagnosing header forwarding issues.
 ///
-/// Sensitive headers (Authorization, X-Encryption-Key) and secret values
+/// Sensitive headers (Authorization, X-Encryption-Key) are never logged in
-/// are never logged.
+/// full — only short fingerprints are emitted.
 pub async fn request_logging_middleware(req: Request, next: Next) -> Response {
     let method = req.method().clone();
     let path = req.uri().path().to_string();
@@ -32,6 +36,10 @@ pub async fn request_logging_middleware(req: Request, next: Next) -> Response {
         .and_then(|v| v.to_str().ok())
         .map(|s| s.to_string());
 
+    // Capture header fingerprints before consuming the request.
+    let auth_key = mask_bearer(req.headers());
+    let enc_key = mask_enc_key(req.headers());
+
     let is_mcp_post = path.starts_with("/mcp") && method == Method::POST;
     let is_json = header_str(req.headers(), CONTENT_TYPE)
         .map(|ct| ct.contains("application/json"))
@@ -45,6 +53,11 @@ pub async fn request_logging_middleware(req: Request, next: Next) -> Response {
         let cap = content_len.unwrap_or(0);
         if cap <= 512 * 1024 {
             let (parts, body) = req.into_parts();
+            // user_id is available after auth middleware has run (injected into extensions).
+            let user_id = parts
+                .extensions
+                .get::<AuthUser>()
+                .map(|a| a.user_id.to_string());
             match to_bytes(body, 512 * 1024).await {
                 Ok(bytes) => {
                     let rpc = parse_jsonrpc_meta(&bytes);
@@ -61,6 +74,9 @@ pub async fn request_logging_middleware(req: Request, next: Next) -> Response {
                         ua.as_deref(),
                         content_len,
                         mcp_session.as_deref(),
+                        auth_key.as_deref(),
+                        &enc_key,
+                        user_id.as_deref(),
                         &rpc,
                     );
                     return resp;
@@ -77,6 +93,9 @@ pub async fn request_logging_middleware(req: Request, next: Next) -> Response {
                         ua = ua.as_deref(),
                         content_length = content_len,
                         mcp_session = mcp_session.as_deref(),
+                        auth_key = auth_key.as_deref(),
+                        enc_key = enc_key.as_str(),
+                        user_id = user_id.as_deref(),
                         "mcp request",
                     );
                     return (
@@ -159,6 +178,9 @@ fn log_mcp_request(
     ua: Option<&str>,
     content_length: Option<u64>,
     mcp_session: Option<&str>,
+    auth_key: Option<&str>,
+    enc_key: &str,
+    user_id: Option<&str>,
     rpc: &JsonRpcMeta,
 ) {
     tracing::info!(
@@ -174,18 +196,94 @@ fn log_mcp_request(
         tool = rpc.tool_name.as_deref(),
         jsonrpc_id = rpc.request_id.as_deref(),
         batch_size = rpc.batch_size,
+        tool_args = rpc.tool_args.as_deref(),
+        auth_key,
+        enc_key,
+        user_id,
         "mcp request",
     );
 }
 
+// ── Sensitive header masking ──────────────────────────────────────────────────
+
+/// Mask a Bearer token: emit only the first 12 characters followed by `…`.
+/// Returns `None` if the Authorization header is absent or not a Bearer token.
+/// Example: `sk_90c88844e4e5…`
+fn mask_bearer(headers: &HeaderMap) -> Option<String> {
+    let val = headers.get(AUTHORIZATION)?.to_str().ok()?;
+    let token = val.strip_prefix("Bearer ")?.trim();
+    if token.is_empty() {
+        return None;
+    }
+    if token.len() > 12 {
+        Some(format!("{}…", &token[..12]))
+    } else {
+        Some(token.to_string())
+    }
+}
+
+/// Fingerprint the X-Encryption-Key header.
+///
+/// Emits first 4 chars, last 4 chars, and raw byte length, e.g. `146b…5516(64)`.
+/// Returns `"absent"` when the header is missing. Reveals enough to confirm
+/// which key arrived and whether it was truncated or padded, without revealing
+/// the full value.
+fn mask_enc_key(headers: &HeaderMap) -> String {
+    match headers
+        .get("x-encryption-key")
+        .and_then(|v| v.to_str().ok())
+    {
+        Some(val) => {
+            let raw_len = val.len();
+            let t = val.trim();
+            let len = t.len();
+            if len >= 8 {
+                let prefix = &t[..4];
+                let suffix = &t[len - 4..];
+                if raw_len != len {
+                    // Trailing/leading whitespace detected — extra diagnostic.
+                    format!("{prefix}…{suffix}({len}, raw={raw_len})")
+                } else {
+                    format!("{prefix}…{suffix}({len})")
+                }
+            } else {
+                format!("…({len})")
+            }
+        }
+        None => "absent".to_string(),
+    }
+}
+
 // ── JSON-RPC body parsing ─────────────────────────────────────────────────────
 
+/// Safe (non-sensitive) argument keys that may be included verbatim in logs.
+/// Keys NOT in this list (e.g. `secrets`, `secrets_obj`, `meta_obj`,
+/// `encryption_key`) are silently dropped.
+const SAFE_ARG_KEYS: &[&str] = &[
+    "id",
+    "name",
+    "name_query",
+    "folder",
+    "type",
+    "entry_type",
+    "field",
+    "query",
+    "tags",
+    "limit",
+    "offset",
+    "format",
+    "dry_run",
+    "prefix",
+];
+
 #[derive(Debug, Default)]
 struct JsonRpcMeta {
     request_id: Option<String>,
     rpc_method: Option<String>,
     tool_name: Option<String>,
     batch_size: Option<usize>,
+    /// Non-sensitive tool call arguments for diagnostic logging.
+    tool_args: Option<String>,
 }
 
 fn parse_jsonrpc_meta(bytes: &Bytes) -> JsonRpcMeta {
@@ -215,12 +313,47 @@ fn parse_single(value: &serde_json::Value) -> JsonRpcMeta {
         .pointer("/params/name")
         .and_then(|v| v.as_str())
         .map(|s| s.to_string());
+    let tool_args = extract_tool_args(value);
 
     JsonRpcMeta {
         request_id,
         rpc_method,
         tool_name,
         batch_size: None,
+        tool_args,
+    }
+}
+
+/// Extract a compact summary of non-sensitive tool arguments for logging.
+/// Only keys listed in `SAFE_ARG_KEYS` are included.
+fn extract_tool_args(value: &serde_json::Value) -> Option<String> {
+    let args = value.pointer("/params/arguments")?;
+    let obj = args.as_object()?;
+    let pairs: Vec<String> = obj
+        .iter()
+        .filter(|(k, v)| SAFE_ARG_KEYS.contains(&k.as_str()) && !v.is_null())
+        .map(|(k, v)| format!("{}={}", k, summarize_value(v)))
+        .collect();
+    if pairs.is_empty() {
+        None
+    } else {
+        Some(pairs.join(" "))
+    }
+}
+
+/// Produce a short, log-safe representation of a JSON value.
+fn summarize_value(v: &serde_json::Value) -> String {
+    match v {
+        serde_json::Value::String(s) => {
+            if s.len() > 64 {
+                format!("\"{}…\"", &s[..64])
+            } else {
+                format!("\"{s}\"")
+            }
+        }
+        serde_json::Value::Array(arr) => format!("[…{}]", arr.len()),
+        serde_json::Value::Object(_) => "{…}".to_string(),
+        other => other.to_string(),
     }
 }
 

crates/secrets-mcp/src/tools.rs

@@ -265,6 +265,18 @@ impl SecretsService {
                 rmcp::ErrorData::invalid_request("Invalid X-Encryption-Key header value", None)
             })?;
         let trimmed = hex_str.trim();
+        // Debug-level fingerprint: helps diagnose header forwarding issues
+        // (e.g. Cursor Chat MCP truncating or transforming the key value)
+        // without revealing the full secret.
+        tracing::debug!(
+            raw_len = hex_str.len(),
+            trimmed_len = trimmed.len(),
+            key_prefix = trimmed.get(..8).unwrap_or(trimmed),
+            key_suffix = trimmed
+                .get(trimmed.len().saturating_sub(8)..)
+                .unwrap_or(trimmed),
+            "X-Encryption-Key received",
+        );
         if trimmed.len() != 64 {
             tracing::warn!(
                 got_len = trimmed.len(),
@@ -289,7 +301,51 @@ impl SecretsService {
             .map_err(mcp_err_invalid_encryption_key_logged)
     }
 
-    /// Require both user_id and encryption key.
+    /// Extract the encryption key, preferring an explicit argument value over
+    /// the X-Encryption-Key HTTP header.
+    ///
+    /// `arg_key` is the optional `encryption_key` field from the tool's input
+    /// struct. When present, it is used directly and the header is ignored.
+    /// This allows MCP clients that cannot reliably forward custom HTTP headers
+    /// (e.g. Cursor Chat) to pass the key as a normal tool argument.
+    fn extract_enc_key_or_arg(
+        ctx: &RequestContext<RoleServer>,
+        arg_key: Option<&str>,
+    ) -> Result<[u8; 32], rmcp::ErrorData> {
+        if let Some(hex_str) = arg_key {
+            let trimmed = hex_str.trim();
+            tracing::debug!(
+                source = "argument",
+                raw_len = hex_str.len(),
+                trimmed_len = trimmed.len(),
+                key_prefix = trimmed.get(..8).unwrap_or(trimmed),
+                key_suffix = trimmed
+                    .get(trimmed.len().saturating_sub(8)..)
+                    .unwrap_or(trimmed),
+                "X-Encryption-Key received",
+            );
+            if trimmed.len() != 64 {
+                return Err(rmcp::ErrorData::invalid_request(
+                    format!(
+                        "encryption_key must be exactly 64 hex characters (32-byte key), got {}.",
+                        trimmed.len()
+                    ),
+                    None,
+                ));
+            }
+            if !trimmed.chars().all(|c| c.is_ascii_hexdigit()) {
+                return Err(rmcp::ErrorData::invalid_request(
+                    "encryption_key contains non-hexadecimal characters.",
+                    None,
+                ));
+            }
+            return secrets_core::crypto::extract_key_from_hex(trimmed)
+                .map_err(mcp_err_invalid_encryption_key_logged);
+        }
+        Self::extract_enc_key(ctx)
+    }
+
+    /// Require both user_id and encryption key (header only, no arg fallback).
     fn require_user_and_key(
         ctx: &RequestContext<RoleServer>,
     ) -> Result<(Uuid, [u8; 32]), rmcp::ErrorData> {
@@ -297,6 +353,17 @@ impl SecretsService {
         let key = Self::extract_enc_key(ctx)?;
         Ok((user_id, key))
     }
+
+    /// Require both user_id and encryption key, preferring an explicit argument
+    /// value over the X-Encryption-Key header.
+    fn require_user_and_key_or_arg(
+        ctx: &RequestContext<RoleServer>,
+        arg_key: Option<&str>,
+    ) -> Result<(Uuid, [u8; 32]), rmcp::ErrorData> {
+        let user_id = Self::require_user_id(ctx)?;
+        let key = Self::extract_enc_key_or_arg(ctx, arg_key)?;
+        Ok((user_id, key))
+    }
 }
 
 // ── Tool parameter types ──────────────────────────────────────────────────────
@@ -370,6 +437,10 @@ struct GetSecretInput {
     id: String,
     #[schemars(description = "Specific field to retrieve. If omitted, returns all fields.")]
     field: Option<String>,
+    #[schemars(description = "Encryption key as a 64-char hex string. \
+        If provided, takes priority over the X-Encryption-Key HTTP header. \
+        Use this when the MCP client cannot reliably forward custom headers.")]
+    encryption_key: Option<String>,
 }
 
 #[derive(Debug, Deserialize, JsonSchema)]
@@ -416,6 +487,10 @@ struct AddInput {
     )]
     #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     link_secret_names: Option<Vec<String>>,
+    #[schemars(description = "Encryption key as a 64-char hex string. \
+        If provided, takes priority over the X-Encryption-Key HTTP header. \
+        Use this when the MCP client cannot reliably forward custom headers.")]
+    encryption_key: Option<String>,
 }
 
 #[derive(Debug, Deserialize, JsonSchema)]
@@ -477,6 +552,10 @@ struct UpdateInput {
     )]
     #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     unlink_secret_names: Option<Vec<String>>,
+    #[schemars(description = "Encryption key as a 64-char hex string. \
+        If provided, takes priority over the X-Encryption-Key HTTP header. \
+        Use this when the MCP client cannot reliably forward custom headers.")]
+    encryption_key: Option<String>,
 }
 
 #[derive(Debug, Deserialize, JsonSchema)]
@@ -549,6 +628,10 @@ struct ExportInput {
     query: Option<String>,
     #[schemars(description = "Export format: 'json' (default), 'toml', 'yaml'")]
     format: Option<String>,
+    #[schemars(description = "Encryption key as a 64-char hex string. \
+        If provided, takes priority over the X-Encryption-Key HTTP header. \
+        Use this when the MCP client cannot reliably forward custom headers.")]
+    encryption_key: Option<String>,
 }
 
 #[derive(Debug, Deserialize, JsonSchema)]
@@ -572,6 +655,10 @@ struct EnvMapInput {
         Example: entry 'aliyun', field 'access_key_id' → ALIYUN_ACCESS_KEY_ID \
         (or PREFIX_ALIYUN_ACCESS_KEY_ID with prefix set).")]
     prefix: Option<String>,
+    #[schemars(description = "Encryption key as a 64-char hex string. \
+        If provided, takes priority over the X-Encryption-Key HTTP header. \
+        Use this when the MCP client cannot reliably forward custom headers.")]
+    encryption_key: Option<String>,
 }
 
 #[derive(Debug, Deserialize, JsonSchema)]
@@ -876,7 +963,8 @@ impl SecretsService {
         ctx: RequestContext<RoleServer>,
     ) -> Result<CallToolResult, rmcp::ErrorData> {
         let t = Instant::now();
-        let (user_id, user_key) = Self::require_user_and_key(&ctx)?;
+        let (user_id, user_key) =
+            Self::require_user_and_key_or_arg(&ctx, input.encryption_key.as_deref())?;
         let entry_id = parse_uuid(&input.id)?;
         tracing::info!(
             tool = "secrets_get",
@@ -930,7 +1018,8 @@ impl SecretsService {
         ctx: RequestContext<RoleServer>,
     ) -> Result<CallToolResult, rmcp::ErrorData> {
         let t = Instant::now();
-        let (user_id, user_key) = Self::require_user_and_key(&ctx)?;
+        let (user_id, user_key) =
+            Self::require_user_and_key_or_arg(&ctx, input.encryption_key.as_deref())?;
         tracing::info!(
             tool = "secrets_add",
             ?user_id,
@@ -1024,7 +1113,8 @@ impl SecretsService {
         ctx: RequestContext<RoleServer>,
     ) -> Result<CallToolResult, rmcp::ErrorData> {
         let t = Instant::now();
-        let (user_id, user_key) = Self::require_user_and_key(&ctx)?;
+        let (user_id, user_key) =
+            Self::require_user_and_key_or_arg(&ctx, input.encryption_key.as_deref())?;
         tracing::info!(
             tool = "secrets_update",
             ?user_id,
@@ -1318,7 +1408,8 @@ impl SecretsService {
         ctx: RequestContext<RoleServer>,
     ) -> Result<CallToolResult, rmcp::ErrorData> {
         let t = Instant::now();
-        let (user_id, user_key) = Self::require_user_and_key(&ctx)?;
+        let (user_id, user_key) =
+            Self::require_user_and_key_or_arg(&ctx, input.encryption_key.as_deref())?;
         let tags = input.tags.unwrap_or_default();
         let format = input.format.as_deref().unwrap_or("json");
         tracing::info!(
@@ -1387,7 +1478,8 @@ impl SecretsService {
         ctx: RequestContext<RoleServer>,
     ) -> Result<CallToolResult, rmcp::ErrorData> {
         let t = Instant::now();
-        let (user_id, user_key) = Self::require_user_and_key(&ctx)?;
+        let (user_id, user_key) =
+            Self::require_user_and_key_or_arg(&ctx, input.encryption_key.as_deref())?;
         let tags = input.tags.unwrap_or_default();
         let only_fields = input.only_fields.unwrap_or_default();
         tracing::info!(

crates/secrets-mcp/src/web.rs

@@ -25,7 +25,7 @@ use secrets_core::service::{
     search::{SearchParams, count_entries, fetch_secret_schemas, ilike_pattern, list_entries},
     update::{UpdateEntryFieldsByIdParams, update_fields_by_id},
     user::{
-        OAuthProfile, bind_oauth_account, find_or_create_user, get_user_by_id,
+        OAuthProfile, bind_oauth_account, change_user_key, find_or_create_user, get_user_by_id,
         unbind_oauth_account, update_user_key_setup,
     },
 };
@@ -256,6 +256,7 @@ pub fn web_router() -> Router<AppState> {
         .route("/account/unbind/{provider}", post(account_unbind))
         .route("/api/key-salt", get(api_key_salt))
         .route("/api/key-setup", post(api_key_setup))
+        .route("/api/key-change", post(api_key_change))
         .route("/api/apikey", get(api_apikey_get))
         .route("/api/apikey/regenerate", post(api_apikey_regenerate))
         .route(
@@ -1040,6 +1041,20 @@ async fn api_key_setup(
         .await
         .ok_or(StatusCode::UNAUTHORIZED)?;
 
+    // Guard: if a passphrase is already configured, reject and direct to /api/key-change
+    let user = get_user_by_id(&state.pool, user_id)
+        .await
+        .map_err(|e| {
+            tracing::error!(error = %e, %user_id, "failed to load user for key-setup guard");
+            StatusCode::INTERNAL_SERVER_ERROR
+        })?
+        .ok_or(StatusCode::UNAUTHORIZED)?;
+
+    if user.key_salt.is_some() {
+        tracing::warn!(%user_id, "key-setup called but passphrase already configured; use /api/key-change");
+        return Err(StatusCode::CONFLICT);
+    }
+
     let salt = hex::decode_hex(&body.salt).map_err(|e| {
         tracing::warn!(error = %e, "invalid hex in key-setup salt");
         StatusCode::BAD_REQUEST
@@ -1064,6 +1079,103 @@ async fn api_key_setup(
     Ok(Json(KeySetupResponse { ok: true }))
 }
 
+// ── Change passphrase (re-encrypts all secrets) ───────────────────────────────
+
+#[derive(Deserialize)]
+struct KeyChangeRequest {
+    /// Old derived key as 64-char hex — used to decrypt existing secrets
+    old_key: String,
+    /// New derived key as 64-char hex — used to re-encrypt secrets
+    new_key: String,
+    /// New 32-byte hex salt
+    salt: String,
+    /// New key_check: AES-256-GCM of KEY_CHECK_PLAINTEXT with the new key (hex)
+    key_check: String,
+    /// New key derivation parameters
+    params: serde_json::Value,
+}
+
+async fn api_key_change(
+    State(state): State<AppState>,
+    session: Session,
+    Json(body): Json<KeyChangeRequest>,
+) -> Result<Json<KeySetupResponse>, StatusCode> {
+    let user_id = current_user_id(&session)
+        .await
+        .ok_or(StatusCode::UNAUTHORIZED)?;
+
+    let user = get_user_by_id(&state.pool, user_id)
+        .await
+        .map_err(|e| {
+            tracing::error!(error = %e, %user_id, "failed to load user for key-change");
+            StatusCode::INTERNAL_SERVER_ERROR
+        })?
+        .ok_or(StatusCode::UNAUTHORIZED)?;
+
+    // Must have an existing passphrase to change
+    let existing_key_check = user.key_check.ok_or_else(|| {
+        tracing::warn!(%user_id, "key-change called but no passphrase configured; use /api/key-setup");
+        StatusCode::BAD_REQUEST
+    })?;
+
+    // Validate and decode old key
+    let old_key_bytes = secrets_core::crypto::extract_key_from_hex(&body.old_key).map_err(|e| {
+        tracing::warn!(error = %e, "invalid old_key hex in key-change");
+        StatusCode::BAD_REQUEST
+    })?;
+
+    // Verify old_key against the stored key_check
+    let plaintext = secrets_core::crypto::decrypt(&old_key_bytes, &existing_key_check).map_err(|_| {
+        tracing::warn!(%user_id, "key-change rejected: old_key does not match stored key_check");
+        StatusCode::UNAUTHORIZED
+    })?;
+    if plaintext != b"secrets-mcp-key-check" {
+        tracing::warn!(%user_id, "key-change rejected: decrypted key_check content mismatch");
+        return Err(StatusCode::UNAUTHORIZED);
+    }
+
+    // Validate and decode new key
+    let new_key_bytes = secrets_core::crypto::extract_key_from_hex(&body.new_key).map_err(|e| {
+        tracing::warn!(error = %e, "invalid new_key hex in key-change");
+        StatusCode::BAD_REQUEST
+    })?;
+
+    // Decode new salt and key_check
+    let new_salt = hex::decode_hex(&body.salt).map_err(|e| {
+        tracing::warn!(error = %e, "invalid hex in key-change salt");
+        StatusCode::BAD_REQUEST
+    })?;
+    if new_salt.len() != 32 {
+        tracing::warn!(
+            salt_len = new_salt.len(),
+            "key-change salt must be 32 bytes"
+        );
+        return Err(StatusCode::BAD_REQUEST);
+    }
+    let new_key_check = hex::decode_hex(&body.key_check).map_err(|e| {
+        tracing::warn!(error = %e, "invalid hex in key-change key_check");
+        StatusCode::BAD_REQUEST
+    })?;
+
+    change_user_key(
+        &state.pool,
+        user_id,
+        &old_key_bytes,
+        &new_key_bytes,
+        &new_salt,
+        &new_key_check,
+        &body.params,
+    )
+    .await
+    .map_err(|e| {
+        tracing::error!(error = %e, %user_id, "failed to change user key");
+        StatusCode::INTERNAL_SERVER_ERROR
+    })?;
+
+    tracing::info!(%user_id, secrets_count = "(see service log)", "passphrase changed and secrets re-encrypted");
+    Ok(Json(KeySetupResponse { ok: true }))
+}
+
 // ── API Key management ────────────────────────────────────────────────────────
 
 #[derive(Serialize)]

crates/secrets-mcp/templates/dashboard.html

@@ -305,6 +305,17 @@
 <div class="modal-bd" id="change-modal">
     <div class="modal">
         <h3 data-i18n="changeTitle">更换密码</h3>
+        <div class="field">
+            <label data-i18n="labelCurrent">当前密码</label>
+            <div class="pw-field">
+                <input type="password" id="change-pass-old" data-i18n-ph="phCurrent" autocomplete="current-password">
+                <button type="button" class="pw-toggle" data-target="change-pass-old" aria-pressed="false"
+                        onclick="togglePwVisibility(this)" aria-label="">
+                    <span class="pw-icon pw-icon-show" aria-hidden="true"><svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/></svg></span>
+                    <span class="pw-icon pw-icon-hide hidden" aria-hidden="true"><svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M17.94 17.94A10.07 10.07 0 0 1 12 20c-7 0-11-8-11-8a18.45 18.45 0 0 1 5.06-5.94M9.9 4.24A9.12 9.12 0 0 1 12 4c7 0 11 8 11 8a18.5 18.5 0 0 1-2.16 3.19m-6.72-1.07a3 3 0 1 1-4.24-4.24"/><line x1="1" y1="1" x2="23" y2="23"/></svg></span>
+                </button>
+            </div>
+        </div>
         <div class="field">
             <label data-i18n="labelNew">新密码</label>
             <div class="pw-field">
@@ -345,8 +356,10 @@ const T = {
         labelPassphrase: '加密密码',
         labelConfirm: '确认密码',
         labelNew: '新密码',
+        labelCurrent: '当前密码',
         phPassphrase: '输入密码…',
         phConfirm: '再次输入…',
+        phCurrent: '输入当前密码…',
         btnSetup: '设置并获取配置',
         btnUnlock: '解锁并获取配置',
         setupNote: '密码不会上传服务器。遗忘后数据将无法恢复。',
@@ -354,6 +367,7 @@ const T = {
         errShort: '密码至少需要 8 个字符。',
         errMismatch: '两次输入不一致。',
         errWrong: '密码错误，请重试。',
+        errWrongOld: '当前密码错误，请重试。',
         unlockedTitle: 'MCP 配置',
         tabMcp: 'Cursor、Claude Code、Codex、Gemini CLI',
         tabOpencode: 'OpenCode',
@@ -379,8 +393,10 @@ const T = {
         labelPassphrase: '加密密碼',
         labelConfirm: '確認密碼',
         labelNew: '新密碼',
+        labelCurrent: '目前密碼',
         phPassphrase: '輸入密碼…',
         phConfirm: '再次輸入…',
+        phCurrent: '輸入目前密碼…',
         btnSetup: '設定並取得設定',
         btnUnlock: '解鎖並取得設定',
         setupNote: '密碼不會上傳伺服器。遺忘後資料將無法復原。',
@@ -388,6 +404,7 @@ const T = {
         errShort: '密碼至少需要 8 個字元。',
         errMismatch: '兩次輸入不一致。',
         errWrong: '密碼錯誤，請重試。',
+        errWrongOld: '目前密碼錯誤，請重試。',
         unlockedTitle: 'MCP 設定',
         tabMcp: 'Cursor、Claude Code、Codex、Gemini CLI',
         tabOpencode: 'OpenCode',
@@ -413,8 +430,10 @@ const T = {
         labelPassphrase: 'Encryption password',
         labelConfirm: 'Confirm password',
         labelNew: 'New password',
+        labelCurrent: 'Current password',
         phPassphrase: 'Enter password…',
         phConfirm: 'Repeat password…',
+        phCurrent: 'Enter current password…',
         btnSetup: 'Set up & get config',
         btnUnlock: 'Unlock & get config',
         setupNote: 'Your password never leaves this device. If forgotten, encrypted data cannot be recovered.',
@@ -422,6 +441,7 @@ const T = {
         errShort: 'Password must be at least 8 characters.',
         errMismatch: 'Passwords do not match.',
         errWrong: 'Incorrect password, please try again.',
+        errWrongOld: 'Current password is incorrect, please try again.',
         unlockedTitle: 'MCP Config',
         tabMcp: 'Cursor, Claude Code, Codex, Gemini CLI',
         tabOpencode: 'OpenCode',
@@ -832,14 +852,16 @@ async function confirmRegenerate() {
 // ── Change passphrase modal ────────────────────────────────────────────────────
 
 function openChangeModal() {
+    document.getElementById('change-pass-old').value = '';
     document.getElementById('change-pass1').value = '';
     document.getElementById('change-pass2').value = '';
+    document.getElementById('change-pass-old').type = 'password';
     document.getElementById('change-pass1').type = 'password';
     document.getElementById('change-pass2').type = 'password';
     document.getElementById('change-error').style.display = 'none';
     document.getElementById('change-modal').classList.add('open');
     syncPwToggleI18n();
-    setTimeout(() => document.getElementById('change-pass1').focus(), 50);
+    setTimeout(() => document.getElementById('change-pass-old').focus(), 50);
 }
 
 function closeChangeModal() {
@@ -847,11 +869,13 @@ function closeChangeModal() {
 }
 
 async function doChange() {
+    const passOld = document.getElementById('change-pass-old').value;
     const pass1 = document.getElementById('change-pass1').value;
     const pass2 = document.getElementById('change-pass2').value;
     const errEl = document.getElementById('change-error');
     errEl.style.display = 'none';
 
+    if (!passOld) { showErr(errEl, t('errEmpty')); return; }
     if (!pass1) { showErr(errEl, t('errEmpty')); return; }
     if (pass1.length < 8) { showErr(errEl, t('errShort')); return; }
     if (pass1 !== pass2) { showErr(errEl, t('errMismatch')); return; }
@@ -860,24 +884,39 @@ async function doChange() {
     btn.disabled = true;
     btn.innerHTML = '<span class="spinner" style="border-top-color:#0d1117"></span>';
     try {
-        const salt = crypto.getRandomValues(new Uint8Array(32));
+        // Fetch current salt to derive old key for verification
-        const cryptoKey = await deriveKey(pass1, salt, true);
+        const saltResp = await fetchAuth('/api/key-salt');
-        const keyCheckHex = await encryptKeyCheck(cryptoKey);
+        if (!saltResp.ok) throw new Error('HTTP ' + saltResp.status);
-        const hexKey = await exportKeyHex(cryptoKey);
+        const saltData = await saltResp.json();
+        if (!saltData.has_passphrase) throw new Error('No passphrase configured');
 
-        const resp = await fetchAuth('/api/key-setup', {
+        // Derive old key and verify it
+        const oldCryptoKey = await deriveKey(passOld, hexToBytes(saltData.salt), true);
+        const validOld = await verifyKeyCheck(oldCryptoKey, saltData.key_check);
+        if (!validOld) { showErr(errEl, t('errWrongOld')); return; }
+        const oldHexKey = await exportKeyHex(oldCryptoKey);
+
+        // Derive new key
+        const newSalt = crypto.getRandomValues(new Uint8Array(32));
+        const newCryptoKey = await deriveKey(pass1, newSalt, true);
+        const newKeyCheckHex = await encryptKeyCheck(newCryptoKey);
+        const newHexKey = await exportKeyHex(newCryptoKey);
+
+        const resp = await fetchAuth('/api/key-change', {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
             body: JSON.stringify({
-                salt: bytesToHex(salt),
+                old_key: oldHexKey,
-                key_check: keyCheckHex,
+                new_key: newHexKey,
+                salt: bytesToHex(newSalt),
+                key_check: newKeyCheckHex,
                 params: { alg: 'pbkdf2-sha256', iterations: PBKDF2_ITERATIONS }
             })
         });
         if (!resp.ok) throw new Error('HTTP ' + resp.status);
 
-        currentEncKey = hexKey;
+        currentEncKey = newHexKey;
-        sessionStorage.setItem('enc_key', hexKey);
+        sessionStorage.setItem('enc_key', newHexKey);
         renderRealConfig();
         closeChangeModal();
     } catch (e) {