Severity: Medium
gcm.Seal and gcm.Open are called with nil for AAD. An attacker with write access to the .enc files could swap them (e.g. prod.env.enc ↔ dev.env.enc) and decryption would succeed silently, writing the wrong secrets to the wrong file.
Fix: Pass the filename (or a stable file identifier) as AAD to both Seal and Open.