ore: update schemas

Author: samrose

migrations/schema-15.sql

@@ -574,6 +574,28 @@ END
 $$;
 
 
+--
+-- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
+--
+
+CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+		BEGIN
+		        new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
+			CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
+			  pgsodium.crypto_aead_det_encrypt(
+				pg_catalog.convert_to(new.secret, 'utf8'),
+				pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
+				new.key_id::uuid,
+				new.nonce
+			  ),
+				'base64') END END;
+		RETURN new;
+		END;
+		$$;
+
+
 SET default_tablespace = '';
 
 SET default_table_access_method = heap;
@@ -760,6 +782,30 @@ CREATE TABLE storage.objects (
 );
 
 
+--
+-- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: -
+--
+
+CREATE VIEW vault.decrypted_secrets AS
+ SELECT secrets.id,
+    secrets.name,
+    secrets.description,
+    secrets.secret,
+        CASE
+            WHEN (secrets.secret IS NULL) THEN NULL::text
+            ELSE
+            CASE
+                WHEN (secrets.key_id IS NULL) THEN NULL::text
+                ELSE convert_from(pgsodium.crypto_aead_det_decrypt(decode(secrets.secret, 'base64'::text), convert_to(((((secrets.id)::text || secrets.description) || (secrets.created_at)::text) || (secrets.updated_at)::text), 'utf8'::name), secrets.key_id, secrets.nonce), 'utf8'::name)
+            END
+        END AS decrypted_secret,
+    secrets.key_id,
+    secrets.nonce,
+    secrets.created_at,
+    secrets.updated_at
+   FROM vault.secrets;
+
+
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --

migrations/schema-orioledb-17.sql

@@ -589,6 +589,28 @@ END
 $$;
 
 
+--
+-- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
+--
+
+CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+		BEGIN
+		        new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
+			CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
+			  pgsodium.crypto_aead_det_encrypt(
+				pg_catalog.convert_to(new.secret, 'utf8'),
+				pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
+				new.key_id::uuid,
+				new.nonce
+			  ),
+				'base64') END END;
+		RETURN new;
+		END;
+		$$;
+
+
 SET default_tablespace = '';
 
 SET default_table_access_method = orioledb;
@@ -775,6 +797,30 @@ CREATE TABLE storage.objects (
 );
 
 
+--
+-- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: -
+--
+
+CREATE VIEW vault.decrypted_secrets AS
+ SELECT id,
+    name,
+    description,
+    secret,
+        CASE
+            WHEN (secret IS NULL) THEN NULL::text
+            ELSE
+            CASE
+                WHEN (key_id IS NULL) THEN NULL::text
+                ELSE convert_from(pgsodium.crypto_aead_det_decrypt(decode(secret, 'base64'::text), convert_to(((((id)::text || description) || (created_at)::text) || (updated_at)::text), 'utf8'::name), key_id, nonce), 'utf8'::name)
+            END
+        END AS decrypted_secret,
+    key_id,
+    nonce,
+    created_at,
+    updated_at
+   FROM vault.secrets;
+
+
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --