
Commit 104bf21

feat: add user_secrets table
1 parent 83aafd8 commit 104bf21


6 files changed

+82
-0
lines changed


coderd/database/dump.sql

Lines changed: 24 additions & 0 deletions

coderd/database/foreign_key_constraint.go

Lines changed: 1 addition & 0 deletions
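--- a/PATH_NOT_SHOWN_ON_PAGE_1.sql
+++ b/PATH_NOT_SHOWN_ON_PAGE_1.sql
@@ -0,0 +1,7 @@
+-- Drop the unique indexes first (in reverse order of creation)
+DROP INDEX IF EXISTS user_secrets_user_file_path_idx;
+DROP INDEX IF EXISTS user_secrets_user_env_name_idx;
+DROP INDEX IF EXISTS user_secrets_user_name_idx;
+
+-- Drop the table
+DROP TABLE IF EXISTS user_secrets;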
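--- a/PATH_NOT_SHOWN_ON_PAGE_2.sql
+++ b/PATH_NOT_SHOWN_ON_PAGE_2.sql
@@ -0,0 +1,34 @@
+-- Stores encrypted user secrets (global, available across all organizations)
+CREATE TABLE user_secrets (
+id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+name TEXT NOT NULL,
+description TEXT NOT NULL,
+
+-- The encrypted secret value (base64-encoded encrypted data)
+value TEXT NOT NULL,
+
+-- Auto-injection settings
+-- Environment variable name (e.g., "DATABASE_PASSWORD", "API_KEY")
+-- Empty string means don't inject as env var
+env_name TEXT NOT NULL DEFAULT '',
+
+-- File path where secret should be written (e.g., "/home/coder/.ssh/id_rsa")
+-- Empty string means don't inject as file
+file_path TEXT NOT NULL DEFAULT '',
+
+-- Timestamps
+created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP NOT NULL,
+updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP NOT NULL
+);
+
+-- Unique constraint: user can't have duplicate secret names
+CREATE UNIQUE INDEX user_secrets_user_name_idx ON user_secrets(user_id, name);
+
+-- Unique constraint: user can't have duplicate env names
+CREATE UNIQUE INDEX user_secrets_user_env_name_idx ON user_secrets(user_id, env_name)
+WHERE env_name != '';
+
+-- Unique constraint: user can't have duplicate file paths
+CREATE UNIQUE INDEX user_secrets_user_file_path_idx ON user_secrets(user_id, file_path)
+WHERE file_path != '';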
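Review bot: The `value` column is documented as base64-encoded ciphertext, but nothing in the table records which key or scheme produced it, so a stored row cannot be told apart from plaintext and a key rotation has no way to find rows still under an old key; consider a companion column next to `value`, for example `value_key_id TEXT`. Separately, `env_name` and `file_path` decide where a secret is injected yet accept any text. A constraint such as `CHECK (env_name = '' OR env_name ~ '^[A-Za-z_][A-Za-z0-9_]*$')`, plus a similar rule for `file_path` if only absolute paths are intended, would keep malformed targets out even when application-side validation is bypassed. Whether that validation already exists in the application code is not visible on this page.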

coderd/database/models.go

Lines changed: 12 additions & 0 deletions

coderd/database/unique_constraint.go

Lines changed: 4 additions & 0 deletions
