From 091c19c43410d2945a0e4ba3e3361af50167e164 Mon Sep 17 00:00:00 2001
From: Jason Staack <jason@staack.com>
Date: Sun, 15 Mar 2026 23:15:39 -0500
Subject: [PATCH] fix: remove unreachable kms_service import in
 notification_service

kms_service.py does not exist and Transit encryption was never
implemented for SMTP passwords, making the decrypt_transit code path
unreachable. Remove it entirely and leave only the Fernet fallback.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 backend/app/services/notification_service.py | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/backend/app/services/notification_service.py b/backend/app/services/notification_service.py
index 7e19ce2..638d7f8 100644
--- a/backend/app/services/notification_service.py
+++ b/backend/app/services/notification_service.py
@@ -93,23 +93,11 @@ async def _send_email(channel: dict, alert_event: dict, device_hostname: str) ->
         f"Threshold: {threshold}\n"
     )
 
-    # Decrypt SMTP password (Transit first, then legacy Fernet)
+    # Decrypt SMTP password (Fernet)
     smtp_password = None
-    transit_cipher = channel.get("smtp_password_transit")
     legacy_cipher = channel.get("smtp_password")
-    tenant_id = channel.get("tenant_id")
 
-    if transit_cipher and tenant_id:
-        try:
-            from app.services.kms_service import decrypt_transit
-
-            smtp_password = await decrypt_transit(transit_cipher, tenant_id)
-        except Exception:
-            logger.warning(
-                "Transit decryption failed for channel %s, trying legacy", channel.get("id")
-            )
-
-    if not smtp_password and legacy_cipher:
+    if legacy_cipher:
         try:
             from app.config import settings as app_settings
             from cryptography.fernet import Fernet