shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 04:58:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
coder/coderd/database/migrations/000515_gitsshkeys_private_key_key_id.down.sql
T
Zach 170c33a475 feat: encrypt gitsshkeys.private_key at rest via dbcrypt (#25872) 
Adds an optional dbcrypt wrapper around gitsshkeys.private_key. The
column is encrypted on insert and update through enterprise/dbcrypt when
external token encryption is configured, and decrypted on read.

A new private_key_key_id column references
dbcrypt_keys(active_key_digest) so revocation safety is enforced by the
existing foreign key. Rows with a NULL key_id stay plaintext and remain
readable. Existing plaintext rows can be backfilled by running `coder
server dbcrypt rotate`.

Generated with assistance from Coder Agents.
2026-06-02 08:36:01 -06:00

4 lines
115 B
SQL
Raw Permalink Blame History

ALTER TABLE gitsshkeys
DROP CONSTRAINT gitsshkeys_private_key_key_id_fkey,
DROP COLUMN private_key_key_id;
Reference in New Issue View Git Blame Copy Permalink