feat(coderd/database): add value_key_id column to user_secrets for encryption (#23997)

Add a nullable `value_key_id` column to the `user_secrets` table with a foreign key to `dbcrypt_keys`. This is the column dbcrypt uses to track which encryption key encrypted a given secret's value. This is required for encryption of user secret values. The column was missing from the original migration (000357).
2026-06-02 20:48:20 +00:00 · 2026-04-02 15:40:32 -06:00
parent 0cb942aab2
commit 990c006f28
6 changed files with 34 additions and 15 deletions
@@ -5264,15 +5264,16 @@ type UserLink struct {
 }

 type UserSecret struct {
-	ID          uuid.UUID `db:"id" json:"id"`
-	UserID      uuid.UUID `db:"user_id" json:"user_id"`
-	Name        string    `db:"name" json:"name"`
-	Description string    `db:"description" json:"description"`
-	Value       string    `db:"value" json:"value"`
-	EnvName     string    `db:"env_name" json:"env_name"`
-	FilePath    string    `db:"file_path" json:"file_path"`
-	CreatedAt   time.Time `db:"created_at" json:"created_at"`
-	UpdatedAt   time.Time `db:"updated_at" json:"updated_at"`
+	ID          uuid.UUID      `db:"id" json:"id"`
+	UserID      uuid.UUID      `db:"user_id" json:"user_id"`
+	Name        string         `db:"name" json:"name"`
+	Description string         `db:"description" json:"description"`
+	Value       string         `db:"value" json:"value"`
+	EnvName     string         `db:"env_name" json:"env_name"`
+	FilePath    string         `db:"file_path" json:"file_path"`
+	CreatedAt   time.Time      `db:"created_at" json:"created_at"`
+	UpdatedAt   time.Time      `db:"updated_at" json:"updated_at"`
+	ValueKeyID  sql.NullString `db:"value_key_id" json:"value_key_id"`
 }

 // Tracks the history of user status changes