From fb5089cb3cfc51975afcce07c0ce8b568fda16fd Mon Sep 17 00:00:00 2001
From: Chris Duncan <chris@zoso.dev>
Date: Thu, 17 Jul 2025 14:43:59 -0700
Subject: [PATCH] Generate encryption key once per safe storage request.

---
 src/lib/workers/safe.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/workers/safe.ts b/src/lib/workers/safe.ts
index 6543a19..bcc8c63 100644
--- a/src/lib/workers/safe.ts
+++ b/src/lib/workers/safe.ts
@@ -76,9 +76,9 @@ export class Safe extends WorkerInterface {
 
 		try {
 			const records: SafeRecord[] = []
+			const salt = await Entropy.create()
+			const encryptionKey = await Safe.#createAesKey('encrypt', password, salt.buffer)
 			for (const label of Object.keys(data)) {
-				const salt = await Entropy.create()
-				const encryptionKey = await Safe.#createAesKey('encrypt', password, salt.buffer)
 				const iv = await Entropy.create()
 				const encrypted = await globalThis.crypto.subtle.encrypt({ name: 'AES-GCM', iv: iv.buffer }, encryptionKey, data[label])
 				const record: SafeRecord = {
-- 
2.47.3