-- Encrypted secret storage: at most one row per resource (UNIQUE on
-- resource_id), each row owned by an organization. The table holds the
-- ciphertext plus the parameters needed to locate the key and decrypt; it has
-- no column for key material.
-- NOTE(review): nothing in the schema ties organization_id / resource_id to the
-- ciphertext. Confirm the encrypting code passes them as GCM associated data,
-- so that a ciphertext copied into another row fails authentication.
CREATE TABLE IF NOT EXISTS resource_secrets (
    id                 UUID        PRIMARY KEY DEFAULT gen_random_uuid(),

    -- Deleting the organization or the resource deletes the secret row with it.
    organization_id    UUID        NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
    resource_id        UUID        NOT NULL REFERENCES resources(id) ON DELETE CASCADE,

    -- Presumably the opaque handle callers use to look the secret up; confirm.
    secret_ref         TEXT        NOT NULL,
    protocol           TEXT        NOT NULL,

    -- Presumably incremented on rotation; verify against the writer.
    version            INTEGER     NOT NULL DEFAULT 1,

    -- Names the encryption key. The key itself must live outside this
    -- database, otherwise a database dump is enough to decrypt every row.
    key_id             TEXT        NOT NULL,
    algorithm          TEXT        NOT NULL DEFAULT 'AES-256-GCM',

    -- With AES-GCM a (key, nonce) pair must never repeat. The schema enforces
    -- neither nonce length nor uniqueness per key_id, so the writer has to.
    -- NOTE(review): a UNIQUE (key_id, nonce) constraint would make reuse among
    -- stored rows fail loudly; consider it.
    nonce              BYTEA       NOT NULL,

    -- No separate tag column: presumably the GCM tag is appended here; confirm.
    ciphertext         BYTEA       NOT NULL,

    -- NOTE(review): confirm what this digest covers. An unkeyed SHA-256 of the
    -- plaintext lets anyone with read access to this table verify guesses at
    -- low-entropy secrets offline; prefer a digest of the ciphertext or an HMAC.
    payload_sha256     TEXT        NOT NULL,

    -- Stored in the clear; must never carry secret values.
    metadata           JSONB       NOT NULL DEFAULT '{}'::JSONB,

    -- Nullable, and reset to NULL when the user is deleted, so the secret
    -- outlives the account that created it.
    created_by_user_id UUID        REFERENCES users(id) ON DELETE SET NULL,
    created_at         TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    rotated_at         TIMESTAMPTZ,

    -- Uniqueness rules, kept together at table level.
    UNIQUE (secret_ref),
    UNIQUE (resource_id)
);
-- Supports lookups by organization_id, including the scan triggered by
-- ON DELETE CASCADE when an organization is removed.
CREATE INDEX IF NOT EXISTS
    idx_resource_secrets_organization_id
    ON resource_secrets (organization_id);
-- NOTE(review): resource_secrets already declares UNIQUE (resource_id), and
-- PostgreSQL backs a UNIQUE constraint with its own index, so this second
-- index on the same column looks redundant (extra write cost, no read gain).
-- Confirm nothing references it by name before dropping it.
CREATE INDEX IF NOT EXISTS
    idx_resource_secrets_resource_id
    ON resource_secrets (resource_id);
-- NOTE(review): secret_ref is declared UNIQUE on the table, and PostgreSQL
-- backs a UNIQUE constraint with its own index, so this second index on the
-- same column looks redundant. Confirm nothing references it by name before
-- dropping it.
CREATE INDEX IF NOT EXISTS
    idx_resource_secrets_secret_ref
    ON resource_secrets (secret_ref);