refactor: clean up crypto modules

- Fix error: any → error: unknown with proper type guard in encryption.ts
- Eliminate duplicate iv.toString('hex') calls in both encrypt functions
- Remove redundant string split in decryptApiKey (was splitting twice)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/lib/api-key/crypto.ts

@@ -41,11 +41,12 @@ export async function encryptApiKey(apiKey: string): Promise<{ encrypted: string
   encrypted += cipher.final('hex')
 
   const authTag = cipher.getAuthTag()
+  const ivHex = iv.toString('hex')
 
   // Format: iv:encrypted:authTag
   return {
-    encrypted: `${iv.toString('hex')}:${encrypted}:${authTag.toString('hex')}`,
-    iv: iv.toString('hex'),
+    encrypted: `${ivHex}:${encrypted}:${authTag.toString('hex')}`,
+    iv: ivHex,
   }
 }
 
@@ -55,8 +56,10 @@ export async function encryptApiKey(apiKey: string): Promise<{ encrypted: string
  * @returns A promise that resolves to an object containing the decrypted API key
  */
 export async function decryptApiKey(encryptedValue: string): Promise<{ decrypted: string }> {
+  const parts = encryptedValue.split(':')
+
   // Check if this is actually encrypted (contains colons)
-  if (!encryptedValue.includes(':') || encryptedValue.split(':').length !== 3) {
+  if (parts.length !== 3) {
     // This is a plain text key, return as-is
     return { decrypted: encryptedValue }
   }
@@ -68,10 +71,9 @@ export async function decryptApiKey(encryptedValue: string): Promise<{ decrypted
     return { decrypted: encryptedValue }
   }
 
-  const parts = encryptedValue.split(':')
   const ivHex = parts[0]
-  const authTagHex = parts[parts.length - 1]
-  const encrypted = parts.slice(1, -1).join(':')
+  const authTagHex = parts[2]
+  const encrypted = parts[1]
 
   if (!ivHex || !encrypted || !authTagHex) {
     throw new Error('Invalid encrypted API key format. Expected "iv:encrypted:authTag"')

apps/sim/lib/core/security/encryption.ts

@@ -26,11 +26,12 @@ export async function encryptSecret(secret: string): Promise<{ encrypted: string
   encrypted += cipher.final('hex')
 
   const authTag = cipher.getAuthTag()
+  const ivHex = iv.toString('hex')
 
   // Format: iv:encrypted:authTag
   return {
-    encrypted: `${iv.toString('hex')}:${encrypted}:${authTag.toString('hex')}`,
-    iv: iv.toString('hex'),
+    encrypted: `${ivHex}:${encrypted}:${authTag.toString('hex')}`,
+    iv: ivHex,
   }
 }
 
@@ -61,8 +62,10 @@ export async function decryptSecret(encryptedValue: string): Promise<{ decrypted
     decrypted += decipher.final('utf8')
 
     return { decrypted }
-  } catch (error: any) {
-    logger.error('Decryption error:', { error: error.message })
+  } catch (error: unknown) {
+    logger.error('Decryption error:', {
+      error: error instanceof Error ? error.message : 'Unknown error',
+    })
     throw error
   }
 }