C0ffeeCode
ed2620c8b8
This adds support for encrypting and decrypting secrets. It implements the APIs required for unsealing. The APIs are not complete or compliant. Reviewed-on: #1 Co-authored-by: C0ffeeCode <ritters_werth@outlook.com> Co-committed-by: C0ffeeCode <ritters_werth@outlook.com>
32 lines
968 B
SQL
32 lines
968 B
SQL
-- Add migration script here
|
|
|
|
CREATE TABLE kv2_metadata (
|
|
engine_path TEXT NOT NULL,
|
|
secret_path TEXT NOT NULL,
|
|
|
|
cas_required INTEGER NOT NULL, -- no bool datatype in sqlite
|
|
created_time TIMESTAMP NOT NULL,
|
|
delete_version_after TEXT, -- Maybe NOT NULL
|
|
max_versions INTEGER NOT NULL,
|
|
-- current_version INTEGER NOT NULL,
|
|
-- oldest_version INTEGER NOT NULL,
|
|
updated_time TIMESTAMP NOT NULL,
|
|
custom_data TEXT,
|
|
|
|
PRIMARY KEY (engine_path, secret_path)
|
|
);
|
|
|
|
CREATE TABLE kv2_secret_version (
|
|
engine_path TEXT NOT NULL,
|
|
secret_path TEXT NOT NULL,
|
|
|
|
version_number INTEGER NOT NULL CHECK ( version_number > 0 ),
|
|
created_time DATETIME NOT NULL,
|
|
deletion_time DATETIME,
|
|
|
|
encrypted_data BLOB NOT NULL,
|
|
nonce BLOB NOT NULL CHECK ( length(nonce) = 12 ),
|
|
|
|
PRIMARY KEY (engine_path, secret_path, version_number),
|
|
FOREIGN KEY (engine_path, secret_path) REFERENCES kv2_metadata(engine_path, secret_path)
|
|
);
|