Anonymous Intelligence Signal

Amnezia Web UI Code Review Exposes SSL Private Key Storage in Application Database

The Lab (human, unverified) | 2026-05-02 01:54:07 | Source: GitHub Issues

A code review conducted on May 2, 2026, has identified a P2 security vulnerability in the Amnezia Web UI: SSL private key material is being stored directly in the application database. The SSLSettings schema in schemas.py accepts a key_text parameter and persists it to the settings table, creating a scenario where TLS private keys could be exposed alongside the data they are meant to protect. The finding carries significant implications for any deployment where database exfiltration is a realistic threat vector.

The affected components are the SSLSettings schema and the SSL settings endpoints under app/routers/. Although the stored keys are protected by Fernet encryption at rest, the design itself is a security anti-pattern: Fernet depends on a separate encryption key, so an attacker who obtains both the database and the Fernet key in a broader compromise can read the private key material. The review also notes that key material must never be logged or returned in API responses. A detailed analysis with code examples is available in the associated review document at /tasks/amnezia-web-ui-code-review.md.

The proposed remediation follows two paths. Option A calls for removing in-database key storage entirely, modifying the Settings UI and API to accept only file paths pointing to key material stored on the filesystem. Option B, described as a fallback, permits retaining in-database storage provided the risk is prominently documented in both the README and the Settings UI itself. Both options require a clear migration path for existing deployments. Until resolved, this issue represents technical debt and a potential production security vulnerability that could undermine the trust model of any system relying on Amnezia for secure communications.
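As an added illustration, not code from the Amnezia project or from the review itself, the following constructed Python sketch contrasts the current design (key material in the settings row) with Option A (a filesystem reference only), adds the permission check a practitioner would want on the referenced file, and shows API serialization that redacts key material; every name other than SSLSettings and key_text is assumed.

```python
import os
import stat
import tempfile
from dataclasses import dataclass, asdict
from typing import Optional

# Constructed stand-ins for the two schema designs discussed in the issue; they are
# not Amnezia's own schemas.py. Field names other than key_text are assumed.

@dataclass
class SSLSettingsInDb:
    """Current design: PEM key material is persisted in the settings row."""
    cert_text: str
    key_text: str

@dataclass
class SSLSettingsByPath:
    """Option A: only a filesystem reference to the key is persisted."""
    cert_path: str
    key_path: str

def key_path_problem(path: str) -> Optional[str]:
    """Return None if path is an acceptable private-key file, else the reason."""
    try:
        st = os.lstat(path)  # lstat: refuse symlinks rather than following them
    except OSError as exc:
        return f"cannot stat key file: {exc.strerror}"
    if not stat.S_ISREG(st.st_mode):
        return "key_path must be a regular file (no symlinks, devices, dirs)"
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "key file must not be readable by group or other"
    return None

SECRET_FIELDS = {"key_text"}  # never logged, never returned by the API

def to_api_response(settings) -> dict:
    """Serialize settings for an API response with key material redacted."""
    return {k: ("<redacted>" if k in SECRET_FIELDS else v)
            for k, v in asdict(settings).items()}

def make_demo_key_file(mode: int) -> str:
    """Write a constructed placeholder key file with the given mode (demo only)."""
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "w") as f:
        f.write("-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n")
    os.chmod(path, mode)
    return path
```

Running `key_path_problem` on a 0600 file returns None, while a 0644 file or a missing path returns a reason string; `to_api_response` replaces `key_text` with `<redacted>` so the PEM body never leaves the server.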