From 5c5911af0a447db0307644d5830d226fa4b853f0 Mon Sep 17 00:00:00 2001
From: oleksandr-codefresh <oleksandr.saulyak@octopus.com>
Date: Tue, 7 Apr 2026 08:14:51 +0300
Subject: [PATCH 1/2] Refactor PodLogEncryptionProvider to use KeyParameter and
 GcmBlockCipher for improved encryption handling

---
 .../Crypto/PodLogEncryptionProvider.cs        | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/source/Octopus.Tentacle/Kubernetes/Crypto/PodLogEncryptionProvider.cs b/source/Octopus.Tentacle/Kubernetes/Crypto/PodLogEncryptionProvider.cs
index d19ffb049..945130f46 100644
--- a/source/Octopus.Tentacle/Kubernetes/Crypto/PodLogEncryptionProvider.cs
+++ b/source/Octopus.Tentacle/Kubernetes/Crypto/PodLogEncryptionProvider.cs
@@ -16,14 +16,18 @@ public interface IPodLogEncryptionProvider
     
     public class PodLogEncryptionProvider : IPodLogEncryptionProvider
     {
-        readonly byte[] keyBytes;
+        readonly KeyParameter keyParameter;
+        readonly GcmBlockCipher cipher;
+        readonly int macSize;
         const int NonceLength = 12;
 
         private PodLogEncryptionProvider(byte[] keyBytes)
         {
-            this.keyBytes = keyBytes;
+            keyParameter = new KeyParameter(keyBytes);
+            cipher = new GcmBlockCipher(new AesEngine());
+            macSize = 8 * cipher.GetBlockSize();
         }
-        
+
         public static IPodLogEncryptionProvider Create(byte[] keyBytes) => new PodLogEncryptionProvider(keyBytes);
 
         public string Decrypt(string encryptedLogMessage)
@@ -33,9 +37,7 @@ public string Decrypt(string encryptedLogMessage)
             var nonceSpan = allEncryptedBytes.Slice(0, NonceLength);
             var logMessageBytes = allEncryptedBytes.Slice(NonceLength);
 
-            var cipher = new GcmBlockCipher(new AesEngine());
-            var macSize = 8 * cipher.GetBlockSize();
-            cipher.Init(false, new AeadParameters(new KeyParameter(keyBytes), macSize, nonceSpan.ToArray()));
+            cipher.Init(false, new AeadParameters(keyParameter, macSize, nonceSpan.ToArray()));
 
             var outputSize = cipher.GetOutputSize(logMessageBytes.Length);
             var plainTextData = new byte[outputSize];
@@ -53,10 +55,7 @@ public string Encrypt(string plainText, byte[]? nonce = null)
             //if no nonce is provided, generate one
             nonce ??= GenerateNonce();
 
-            var cipher = new GcmBlockCipher(new AesEngine());
-            var macSize = 8 * cipher.GetBlockSize();
-            var parameters = new AeadParameters(new KeyParameter(keyBytes), macSize, nonce, null);
-            cipher.Init(true, parameters);
+            cipher.Init(true, new AeadParameters(keyParameter, macSize, nonce, null));
 
             var cipherText = new byte[cipher.GetOutputSize(plainTextBytes.Length)];
             var len = cipher.ProcessBytes(plainTextBytes, 0, plainTextBytes.Length, cipherText, 0);

From bff406bb362a8c931f1a8c405299bbe6d15eed92 Mon Sep 17 00:00:00 2001
From: oleksandr-codefresh <oleksandr.saulyak@octopus.com>
Date: Thu, 16 Apr 2026 12:38:33 +0300
Subject: [PATCH 2/2] trigger ci