Document secret bootstrap and exceptions in case of first run for a uuid.
Definition of done
- documentation page for secrets mechanism
- some level of behavior test for ensuring the mechanism works as expected
Details
When soledad is instantiated for the first time for a given user on a device, the following happens:
- it will not find secrets stored locally.
- it then has to determine whether there are already secrets stored for that user on the server.
- it has to refuse to start if it can't make that verification (otherwise, there's the risk of creating new local secrets and failing to decrypt data previously encrypted with another secret).
There are some cases in which soledad will not be able to determine if there's a secret on the server:
- if it can't reach the server (network error, connectivity problem, server is offline, etc).
- if it can reach the server but it doesn't have a token to authorize the request (client hasn't logged in yet, token has expired, etc).
We have to properly document this behaviour and ensure that Bitmask client works accordingly.
Related: #8721 (closed)
Edited by Kali Kaneko
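The first-run decision described under Details, written out as an added sketch that is not Soledad's own code: every name here (`bootstrap_secrets`, `fetch_remote`, the exception and `Action` types) is hypothetical. It assumes that secrets already on disk are used as they are, and that new secrets are created only after the server has positively answered that it holds none.

```python
"""Added illustration of the first-run decision; names are hypothetical, not Soledad's API."""
from enum import Enum


class BootstrapError(Exception):
    """Raised when the client must refuse to start."""


class ServerUnreachable(Exception):
    """Network error, connectivity problem, server offline."""


class Unauthorized(Exception):
    """Client has not logged in yet, or its token has expired."""


class Action(Enum):
    USE_LOCAL = "use the secrets stored locally"
    FETCH_REMOTE = "download and store the server's secrets"
    CREATE_NEW = "generate new secrets and upload them"


def bootstrap_secrets(local_secrets, fetch_remote):
    """Decide how to obtain secrets for a uuid on this device.

    local_secrets: secrets found on disk, or None on first run.
    fetch_remote:  callable returning the server's secrets, or None when the
                   server holds none; raises ServerUnreachable or Unauthorized.
    Returns (Action, secrets); secrets is None for CREATE_NEW.
    """
    if local_secrets is not None:
        return Action.USE_LOCAL, local_secrets  # assumption: no server check needed
    try:
        remote = fetch_remote()
    except (ServerUnreachable, Unauthorized) as exc:
        # Verification failed: creating secrets now risks being unable to
        # decrypt data previously encrypted with another secret.
        raise BootstrapError(
            "cannot verify whether secrets exist on the server: "
            + type(exc).__name__) from exc
    if remote is not None:
        return Action.FETCH_REMOTE, remote
    # Only a confirmed "no secrets on the server" permits creating new ones.
    return Action.CREATE_NEW, None
```

A behavior test for the mechanism can drive `fetch_remote` with stubs for each of the two failure cases and check that startup is refused in both.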