fix(configuration-database): resolve ConfigurationDatabase-013,014 — fail-fast on missing key ring, single converter local; ConfigurationDatabase-012 left open (cross-module design decision)

tests/ScadaLink.ConfigurationDatabase.Tests/SchemaConfigurationTests.cs

@@ -1,4 +1,6 @@
 using Microsoft.EntityFrameworkCore;
+using ScadaLink.Commons.Entities.ExternalSystems;
+using ScadaLink.Commons.Entities.Notifications;
 using ScadaLink.Commons.Entities.Sites;
 using ScadaLink.Commons.Entities.Templates;
 using ScadaLink.ConfigurationDatabase;
@@ -48,6 +50,26 @@ public class SchemaConfigurationTests : IDisposable
         Assert.Equal(siblingMaxLength, entity.FindProperty(nameof(Site.GrpcNodeAAddress))!.GetMaxLength());
         Assert.Equal(siblingMaxLength, entity.FindProperty(nameof(Site.GrpcNodeBAddress))!.GetMaxLength());
     }
+
+    // ConfigurationDatabase-014: the encrypting value converter must be applied
+    // uniformly to all three secret-bearing columns, including the non-nullable
+    // DatabaseConnectionDefinition.ConnectionString. A regression here (e.g. the
+    // converter dropped from one HasConversion call) would silently store a secret
+    // in plaintext.
+
+    [Theory]
+    [InlineData(typeof(SmtpConfiguration), nameof(SmtpConfiguration.Credentials))]
+    [InlineData(typeof(ExternalSystemDefinition), nameof(ExternalSystemDefinition.AuthConfiguration))]
+    [InlineData(typeof(DatabaseConnectionDefinition), nameof(DatabaseConnectionDefinition.ConnectionString))]
+    public void SecretColumns_AllHaveEncryptedStringConverterApplied(Type entityType, string propertyName)
+    {
+        var converter = _context.Model
+            .FindEntityType(entityType)!
+            .FindProperty(propertyName)!
+            .GetValueConverter();
+
+        Assert.IsType<EncryptedStringConverter>(converter);
+    }
 }
 
 public class SplitQueryBehaviourTests : IDisposable