From 405ea48824ef1c361dc0c11a30665374b008c3fa Mon Sep 17 00:00:00 2001 From: Flo Date: Tue, 2 Dec 2025 12:01:56 +0100 Subject: [PATCH 1/4] feat: add environment variables db schema and queries --- .../bulk_deployment_insert.sql_generated.go | 4 +- .../db/deployment_find_by_id.sql_generated.go | 5 +- go/pkg/db/deployment_insert.sql_generated.go | 11 ++-- ...es_find_by_environment_id.sql_generated.go | 51 +++++++++++++++++ go/pkg/db/models_generated.go | 56 +++++++++++++++++++ go/pkg/db/querier_generated.go | 13 ++++- go/pkg/db/queries/deployment_insert.sql | 6 +- ...nment_variables_find_by_environment_id.sql | 5 ++ go/pkg/db/schema.sql | 16 ++++++ internal/db/src/schema/deployments.ts | 4 ++ .../db/src/schema/environment_variables.ts | 12 +++- internal/db/src/schema/index.ts | 1 + 12 files changed, 166 insertions(+), 18 deletions(-) create mode 100644 go/pkg/db/environment_variables_find_by_environment_id.sql_generated.go create mode 100644 go/pkg/db/queries/environment_variables_find_by_environment_id.sql diff --git a/go/pkg/db/bulk_deployment_insert.sql_generated.go b/go/pkg/db/bulk_deployment_insert.sql_generated.go index 771e97d7e5..ae5410b3b4 100644 --- a/go/pkg/db/bulk_deployment_insert.sql_generated.go +++ b/go/pkg/db/bulk_deployment_insert.sql_generated.go @@ -9,7 +9,7 @@ import ( ) // bulkInsertDeployment is the base query for bulk insert -const bulkInsertDeployment = `INSERT INTO ` + "`" + `deployments` + "`" + ` ( id, workspace_id, project_id, environment_id, git_commit_sha, git_branch, runtime_config, gateway_config, git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, git_commit_timestamp, openapi_spec, status, gateway_config, created_at, updated_at ) VALUES %s` +const bulkInsertDeployment = `INSERT INTO ` + "`" + `deployments` + "`" + ` ( id, workspace_id, project_id, environment_id, git_commit_sha, git_branch, runtime_config, gateway_config, git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, git_commit_timestamp, openapi_spec, secrets_config, status, created_at, updated_at ) VALUES %s` // InsertDeployments performs bulk insert in a single query func (q *BulkQueries) InsertDeployments(ctx context.Context, db DBTX, args []InsertDeploymentParams) error { @@ -42,8 +42,8 @@ func (q *BulkQueries) InsertDeployments(ctx context.Context, db DBTX, args []Ins allArgs = append(allArgs, arg.GitCommitAuthorAvatarUrl) allArgs = append(allArgs, arg.GitCommitTimestamp) allArgs = append(allArgs, arg.OpenapiSpec) + allArgs = append(allArgs, arg.SecretsConfig) allArgs = append(allArgs, arg.Status) - allArgs = append(allArgs, arg.GatewayConfig) allArgs = append(allArgs, arg.CreatedAt) allArgs = append(allArgs, arg.UpdatedAt) } diff --git a/go/pkg/db/deployment_find_by_id.sql_generated.go b/go/pkg/db/deployment_find_by_id.sql_generated.go index a413f36715..d3156b74bf 100644 --- a/go/pkg/db/deployment_find_by_id.sql_generated.go +++ b/go/pkg/db/deployment_find_by_id.sql_generated.go @@ -10,12 +10,12 @@ import ( ) const findDeploymentById = `-- name: FindDeploymentById :one -SELECT id, workspace_id, project_id, environment_id, git_commit_sha, git_branch, git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, git_commit_timestamp, runtime_config, gateway_config, openapi_spec, status, created_at, updated_at FROM ` + "`" + `deployments` + "`" + ` WHERE id = ? +SELECT id, workspace_id, project_id, environment_id, git_commit_sha, git_branch, git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, git_commit_timestamp, runtime_config, gateway_config, openapi_spec, secrets_config, status, created_at, updated_at FROM ` + "`" + `deployments` + "`" + ` WHERE id = ? ` // FindDeploymentById // -// SELECT id, workspace_id, project_id, environment_id, git_commit_sha, git_branch, git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, git_commit_timestamp, runtime_config, gateway_config, openapi_spec, status, created_at, updated_at FROM `deployments` WHERE id = ? +// SELECT id, workspace_id, project_id, environment_id, git_commit_sha, git_branch, git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, git_commit_timestamp, runtime_config, gateway_config, openapi_spec, secrets_config, status, created_at, updated_at FROM `deployments` WHERE id = ? func (q *Queries) FindDeploymentById(ctx context.Context, db DBTX, id string) (Deployment, error) { row := db.QueryRowContext(ctx, findDeploymentById, id) var i Deployment @@ -33,6 +33,7 @@ func (q *Queries) FindDeploymentById(ctx context.Context, db DBTX, id string) (D &i.RuntimeConfig, &i.GatewayConfig, &i.OpenapiSpec, + &i.SecretsConfig, &i.Status, &i.CreatedAt, &i.UpdatedAt, diff --git a/go/pkg/db/deployment_insert.sql_generated.go b/go/pkg/db/deployment_insert.sql_generated.go index 95e368905a..2d7237d6d3 100644 --- a/go/pkg/db/deployment_insert.sql_generated.go +++ b/go/pkg/db/deployment_insert.sql_generated.go @@ -24,10 +24,10 @@ INSERT INTO ` + "`" + `deployments` + "`" + ` ( git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, - git_commit_timestamp, -- Unix epoch milliseconds + git_commit_timestamp, openapi_spec, + secrets_config, status, - gateway_config, created_at, updated_at ) @@ -66,6 +66,7 @@ type InsertDeploymentParams struct { GitCommitAuthorAvatarUrl sql.NullString `db:"git_commit_author_avatar_url"` GitCommitTimestamp sql.NullInt64 `db:"git_commit_timestamp"` OpenapiSpec sql.NullString `db:"openapi_spec"` + SecretsConfig []byte `db:"secrets_config"` Status DeploymentsStatus `db:"status"` CreatedAt int64 `db:"created_at"` UpdatedAt sql.NullInt64 `db:"updated_at"` @@ -85,10 +86,10 @@ type InsertDeploymentParams struct { // git_commit_message, // git_commit_author_handle, // git_commit_author_avatar_url, -// git_commit_timestamp, -- Unix epoch milliseconds +// git_commit_timestamp, // openapi_spec, +// secrets_config, // status, -// gateway_config, // created_at, // updated_at // ) @@ -126,8 +127,8 @@ func (q *Queries) InsertDeployment(ctx context.Context, db DBTX, arg InsertDeplo arg.GitCommitAuthorAvatarUrl, arg.GitCommitTimestamp, arg.OpenapiSpec, + arg.SecretsConfig, arg.Status, - arg.GatewayConfig, arg.CreatedAt, arg.UpdatedAt, ) diff --git a/go/pkg/db/environment_variables_find_by_environment_id.sql_generated.go b/go/pkg/db/environment_variables_find_by_environment_id.sql_generated.go new file mode 100644 index 0000000000..45953ba266 --- /dev/null +++ b/go/pkg/db/environment_variables_find_by_environment_id.sql_generated.go @@ -0,0 +1,51 @@ +// Code generated by sqlc. DO NOT EDIT. +// versions: +// sqlc v1.29.0 +// source: environment_variables_find_by_environment_id.sql + +package db + +import ( + "context" +) + +const findEnvironmentVariablesByEnvironmentId = `-- name: FindEnvironmentVariablesByEnvironmentId :many +SELECT ` + "`" + `key` + "`" + `, value +FROM environment_variables +WHERE environment_id = ? + AND deleted_at IS NULL +` + +type FindEnvironmentVariablesByEnvironmentIdRow struct { + Key string `db:"key"` + Value string `db:"value"` +} + +// FindEnvironmentVariablesByEnvironmentId +// +// SELECT `key`, value +// FROM environment_variables +// WHERE environment_id = ? +// AND deleted_at IS NULL +func (q *Queries) FindEnvironmentVariablesByEnvironmentId(ctx context.Context, db DBTX, environmentID string) ([]FindEnvironmentVariablesByEnvironmentIdRow, error) { + rows, err := db.QueryContext(ctx, findEnvironmentVariablesByEnvironmentId, environmentID) + if err != nil { + return nil, err + } + defer rows.Close() + var items []FindEnvironmentVariablesByEnvironmentIdRow + for rows.Next() { + var i FindEnvironmentVariablesByEnvironmentIdRow + if err := rows.Scan(&i.Key, &i.Value); err != nil { + return nil, err + } + items = append(items, i) + } + if err := rows.Close(); err != nil { + return nil, err + } + if err := rows.Err(); err != nil { + return nil, err + } + return items, nil +} diff --git a/go/pkg/db/models_generated.go b/go/pkg/db/models_generated.go index 231a63474b..5b3416d198 100644 --- a/go/pkg/db/models_generated.go +++ b/go/pkg/db/models_generated.go @@ -278,6 +278,48 @@ func (ns NullDeploymentsStatus) Value() (driver.Value, error) { return string(ns.DeploymentsStatus), nil } +type EnvironmentVariablesType string + +const ( + EnvironmentVariablesTypeRecoverable EnvironmentVariablesType = "recoverable" + EnvironmentVariablesTypeWriteonly EnvironmentVariablesType = "writeonly" +) + +func (e *EnvironmentVariablesType) Scan(src interface{}) error { + switch s := src.(type) { + case []byte: + *e = EnvironmentVariablesType(s) + case string: + *e = EnvironmentVariablesType(s) + default: + return fmt.Errorf("unsupported scan type for EnvironmentVariablesType: %T", src) + } + return nil +} + +type NullEnvironmentVariablesType struct { + EnvironmentVariablesType EnvironmentVariablesType + Valid bool // Valid is true if EnvironmentVariablesType is not NULL +} + +// Scan implements the Scanner interface. +func (ns *NullEnvironmentVariablesType) Scan(value interface{}) error { + if value == nil { + ns.EnvironmentVariablesType, ns.Valid = "", false + return nil + } + ns.Valid = true + return ns.EnvironmentVariablesType.Scan(value) +} + +// Value implements the driver Valuer interface. +func (ns NullEnvironmentVariablesType) Value() (driver.Value, error) { + if !ns.Valid { + return nil, nil + } + return string(ns.EnvironmentVariablesType), nil +} + type GatewaysHealth string const ( @@ -747,6 +789,7 @@ type Deployment struct { RuntimeConfig json.RawMessage `db:"runtime_config"` GatewayConfig []byte `db:"gateway_config"` OpenapiSpec sql.NullString `db:"openapi_spec"` + SecretsConfig []byte `db:"secrets_config"` Status DeploymentsStatus `db:"status"` CreatedAt int64 `db:"created_at"` UpdatedAt sql.NullInt64 `db:"updated_at"` @@ -782,6 +825,19 @@ type Environment struct { UpdatedAt sql.NullInt64 `db:"updated_at"` } +type EnvironmentVariable struct { + ID string `db:"id"` + WorkspaceID string `db:"workspace_id"` + EnvironmentID string `db:"environment_id"` + Key string `db:"key"` + Value string `db:"value"` + Type EnvironmentVariablesType `db:"type"` + Description sql.NullString `db:"description"` + DeleteProtection sql.NullBool `db:"delete_protection"` + CreatedAt int64 `db:"created_at"` + UpdatedAt sql.NullInt64 `db:"updated_at"` +} + type Gateway struct { ID string `db:"id"` WorkspaceID string `db:"workspace_id"` diff --git a/go/pkg/db/querier_generated.go b/go/pkg/db/querier_generated.go index e0fe39c1eb..1e4d63eeb2 100644 --- a/go/pkg/db/querier_generated.go +++ b/go/pkg/db/querier_generated.go @@ -190,7 +190,7 @@ type Querier interface { FindCustomDomainById(ctx context.Context, db DBTX, id string) (FindCustomDomainByIdRow, error) //FindDeploymentById // - // SELECT id, workspace_id, project_id, environment_id, git_commit_sha, git_branch, git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, git_commit_timestamp, runtime_config, gateway_config, openapi_spec, status, created_at, updated_at FROM `deployments` WHERE id = ? + // SELECT id, workspace_id, project_id, environment_id, git_commit_sha, git_branch, git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, git_commit_timestamp, runtime_config, gateway_config, openapi_spec, secrets_config, status, created_at, updated_at FROM `deployments` WHERE id = ? FindDeploymentById(ctx context.Context, db DBTX, id string) (Deployment, error) //FindDeploymentStepsByDeploymentId // @@ -217,6 +217,13 @@ type Querier interface { // AND project_id = ? // AND slug = ? FindEnvironmentByProjectIdAndSlug(ctx context.Context, db DBTX, arg FindEnvironmentByProjectIdAndSlugParams) (Environment, error) + //FindEnvironmentVariablesByEnvironmentId + // + // SELECT `key`, value + // FROM environment_variables + // WHERE environment_id = ? + // AND deleted_at IS NULL + FindEnvironmentVariablesByEnvironmentId(ctx context.Context, db DBTX, environmentID string) ([]FindEnvironmentVariablesByEnvironmentIdRow, error) //FindGatewaysByEnvironmentID // // SELECT id, workspace_id, environment_id, k8s_service_name, region, image, health, replicas FROM gateways WHERE environment_id = ? @@ -1108,10 +1115,10 @@ type Querier interface { // git_commit_message, // git_commit_author_handle, // git_commit_author_avatar_url, - // git_commit_timestamp, -- Unix epoch milliseconds + // git_commit_timestamp, // openapi_spec, + // secrets_config, // status, - // gateway_config, // created_at, // updated_at // ) diff --git a/go/pkg/db/queries/deployment_insert.sql b/go/pkg/db/queries/deployment_insert.sql index 4473559101..2bf552a811 100644 --- a/go/pkg/db/queries/deployment_insert.sql +++ b/go/pkg/db/queries/deployment_insert.sql @@ -11,10 +11,10 @@ INSERT INTO `deployments` ( git_commit_message, git_commit_author_handle, git_commit_author_avatar_url, - git_commit_timestamp, -- Unix epoch milliseconds + git_commit_timestamp, openapi_spec, + secrets_config, status, - gateway_config, created_at, updated_at ) @@ -32,8 +32,8 @@ VALUES ( sqlc.arg(git_commit_author_avatar_url), sqlc.arg(git_commit_timestamp), sqlc.arg(openapi_spec), + sqlc.arg(secrets_config), sqlc.arg(status), - sqlc.arg(gateway_config), sqlc.arg(created_at), sqlc.arg(updated_at) ); diff --git a/go/pkg/db/queries/environment_variables_find_by_environment_id.sql b/go/pkg/db/queries/environment_variables_find_by_environment_id.sql new file mode 100644 index 0000000000..c2b937ef8d --- /dev/null +++ b/go/pkg/db/queries/environment_variables_find_by_environment_id.sql @@ -0,0 +1,5 @@ +-- name: FindEnvironmentVariablesByEnvironmentId :many +SELECT `key`, value +FROM environment_variables +WHERE environment_id = sqlc.arg(environment_id) + AND deleted_at IS NULL; diff --git a/go/pkg/db/schema.sql b/go/pkg/db/schema.sql index d856d164bd..66eccc8da9 100644 --- a/go/pkg/db/schema.sql +++ b/go/pkg/db/schema.sql @@ -316,6 +316,21 @@ CREATE TABLE `environments` ( CONSTRAINT `environments_project_id_slug_idx` UNIQUE(`project_id`,`slug`) ); +CREATE TABLE `environment_variables` ( + `id` varchar(128) NOT NULL, + `workspace_id` varchar(256) NOT NULL, + `environment_id` varchar(128) NOT NULL, + `key` varchar(256) NOT NULL, + `value` varchar(4096) NOT NULL, + `type` enum('recoverable','writeonly') NOT NULL, + `description` varchar(255), + `delete_protection` boolean DEFAULT false, + `created_at` bigint NOT NULL, + `updated_at` bigint, + CONSTRAINT `environment_variables_id` PRIMARY KEY(`id`), + CONSTRAINT `environment_id_key` UNIQUE(`environment_id`,`key`) +); + CREATE TABLE `clickhouse_workspace_settings` ( `workspace_id` varchar(256) NOT NULL, `username` varchar(256) NOT NULL, @@ -363,6 +378,7 @@ CREATE TABLE `deployments` ( `runtime_config` json NOT NULL, `gateway_config` longblob NOT NULL, `openapi_spec` longblob, + `secrets_config` longblob NOT NULL, `status` enum('pending','building','deploying','network','ready','failed') NOT NULL DEFAULT 'pending', `created_at` bigint NOT NULL, `updated_at` bigint, diff --git a/internal/db/src/schema/deployments.ts b/internal/db/src/schema/deployments.ts index 17bdd0cb07..28e3fbc502 100644 --- a/internal/db/src/schema/deployments.ts +++ b/internal/db/src/schema/deployments.ts @@ -46,6 +46,10 @@ export const deployments = mysqlTable( // OpenAPI specification openapiSpec: longblob("openapi_spec"), + // Environment variables snapshot (protobuf: ctrl.v1.SecretsBlob) + // Encrypted values from environment_variables at deploy time + secretsConfig: longblob("secrets_config").notNull(), + // Deployment status status: mysqlEnum("status", ["pending", "building", "deploying", "network", "ready", "failed"]) .notNull() diff --git a/internal/db/src/schema/environment_variables.ts b/internal/db/src/schema/environment_variables.ts index a5f54b777a..cd2c8cbb33 100644 --- a/internal/db/src/schema/environment_variables.ts +++ b/internal/db/src/schema/environment_variables.ts @@ -5,6 +5,7 @@ import { lifecycleDates } from "./util/lifecycle_dates"; import { workspaces } from "./workspaces"; import { environments } from "./environments"; + export const environmentVariables = mysqlTable( "environment_variables", { @@ -15,9 +16,14 @@ export const environmentVariables = mysqlTable( }).notNull(), key: varchar("key", { length: 256 }).notNull(), - // Either the plaintext value or a vault encrypted response - value: varchar("value", { length: 1024 }).notNull(), - type: mysqlEnum("type", ["plaintext", "secret"]).notNull(), + + // Always encrypted via vault (contains keyId, nonce, ciphertext in the blob) + value: varchar("value", { length: 4096 }).notNull(), + + // Both types are encrypted in the database + // - recoverable: can be decrypted and shown in the UI + // - writeonly: cannot be read back after creation + type: mysqlEnum("type", ["recoverable", "writeonly"]).notNull(), description: varchar("description", { length: 255 }), diff --git a/internal/db/src/schema/index.ts b/internal/db/src/schema/index.ts index 8748aa506d..af0bd61103 100644 --- a/internal/db/src/schema/index.ts +++ b/internal/db/src/schema/index.ts @@ -10,6 +10,7 @@ export * from "./identity"; export * from "./quota"; export * from "./audit_logs"; export * from "./environments"; +export * from "./environment_variables"; export * from "./clickhouse_workspace_settings"; // Deployment platform tables From 5b0249ee9d1c163404524565ee7c18934e0a09b2 Mon Sep 17 00:00:00 2001 From: Flo Date: Tue, 2 Dec 2025 13:59:47 +0100 Subject: [PATCH 2/4] fix db query --- ...vironment_variables_find_by_environment_id.sql_generated.go | 2 -- go/pkg/db/querier_generated.go | 1 - .../queries/environment_variables_find_by_environment_id.sql | 3 +-- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/go/pkg/db/environment_variables_find_by_environment_id.sql_generated.go b/go/pkg/db/environment_variables_find_by_environment_id.sql_generated.go index 45953ba266..590d40c8f4 100644 --- a/go/pkg/db/environment_variables_find_by_environment_id.sql_generated.go +++ b/go/pkg/db/environment_variables_find_by_environment_id.sql_generated.go @@ -13,7 +13,6 @@ const findEnvironmentVariablesByEnvironmentId = `-- name: FindEnvironmentVariabl SELECT ` + "`" + `key` + "`" + `, value FROM environment_variables WHERE environment_id = ? - AND deleted_at IS NULL ` type FindEnvironmentVariablesByEnvironmentIdRow struct { @@ -26,7 +25,6 @@ type FindEnvironmentVariablesByEnvironmentIdRow struct { // SELECT `key`, value // FROM environment_variables // WHERE environment_id = ? -// AND deleted_at IS NULL func (q *Queries) FindEnvironmentVariablesByEnvironmentId(ctx context.Context, db DBTX, environmentID string) ([]FindEnvironmentVariablesByEnvironmentIdRow, error) { rows, err := db.QueryContext(ctx, findEnvironmentVariablesByEnvironmentId, environmentID) if err != nil { diff --git a/go/pkg/db/querier_generated.go b/go/pkg/db/querier_generated.go index 1e4d63eeb2..e0cbf969cd 100644 --- a/go/pkg/db/querier_generated.go +++ b/go/pkg/db/querier_generated.go @@ -222,7 +222,6 @@ type Querier interface { // SELECT `key`, value // FROM environment_variables // WHERE environment_id = ? - // AND deleted_at IS NULL FindEnvironmentVariablesByEnvironmentId(ctx context.Context, db DBTX, environmentID string) ([]FindEnvironmentVariablesByEnvironmentIdRow, error) //FindGatewaysByEnvironmentID // diff --git a/go/pkg/db/queries/environment_variables_find_by_environment_id.sql b/go/pkg/db/queries/environment_variables_find_by_environment_id.sql index c2b937ef8d..866a56b25f 100644 --- a/go/pkg/db/queries/environment_variables_find_by_environment_id.sql +++ b/go/pkg/db/queries/environment_variables_find_by_environment_id.sql @@ -1,5 +1,4 @@ -- name: FindEnvironmentVariablesByEnvironmentId :many SELECT `key`, value FROM environment_variables -WHERE environment_id = sqlc.arg(environment_id) - AND deleted_at IS NULL; +WHERE environment_id = sqlc.arg(environment_id); From 60f228c2edd12aadaf1d46681d7cbf2924816a73 Mon Sep 17 00:00:00 2001 From: Flo Date: Tue, 2 Dec 2025 12:03:12 +0100 Subject: [PATCH 3/4] feat: add SecretsConfig proto for encrypted env vars --- .../dashboard/gen/proto/ctrl/v1/secrets_pb.ts | 36 +++++ go/gen/proto/ctrl/v1/secrets.pb.go | 131 ++++++++++++++++++ go/proto/ctrl/v1/secrets.proto | 11 ++ 3 files changed, 178 insertions(+) create mode 100644 apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts create mode 100644 go/gen/proto/ctrl/v1/secrets.pb.go create mode 100644 go/proto/ctrl/v1/secrets.proto diff --git a/apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts b/apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts new file mode 100644 index 0000000000..65f4a72f2f --- /dev/null +++ b/apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts @@ -0,0 +1,36 @@ +// @generated by protoc-gen-es v2.8.0 with parameter "target=ts" +// @generated from file ctrl/v1/secrets.proto (package ctrl.v1, syntax proto3) +/* eslint-disable */ + +import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2"; +import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2"; +import type { Message } from "@bufbuild/protobuf"; + +/** + * Describes the file ctrl/v1/secrets.proto. + */ +export const file_ctrl_v1_secrets: GenFile = /*@__PURE__*/ + fileDesc("ChVjdHJsL3YxL3NlY3JldHMucHJvdG8SB2N0cmwudjEidQoNU2VjcmV0c0NvbmZpZxI0CgdzZWNyZXRzGAEgAygLMiMuY3RybC52MS5TZWNyZXRzQ29uZmlnLlNlY3JldHNFbnRyeRouCgxTZWNyZXRzRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgJOgI4AUKOAQoLY29tLmN0cmwudjFCDFNlY3JldHNQcm90b1ABWjRnaXRodWIuY29tL3Vua2V5ZWQvdW5rZXkvZ28vZ2VuL3Byb3RvL2N0cmwvdjE7Y3RybHYxogIDQ1hYqgIHQ3RybC5WMcoCB0N0cmxcVjHiAhNDdHJsXFYxXEdQQk1ldGFkYXRh6gIIQ3RybDo6VjFiBnByb3RvMw"); + +/** + * SecretsConfig is stored in the deployments table + * Contains encrypted environment variables snapshotted at deploy time + * + * @generated from message ctrl.v1.SecretsConfig + */ +export type SecretsConfig = Message<"ctrl.v1.SecretsConfig"> & { + /** + * key -> encrypted value + * + * @generated from field: map secrets = 1; + */ + secrets: { [key: string]: string }; +}; + +/** + * Describes the message ctrl.v1.SecretsConfig. + * Use `create(SecretsConfigSchema)` to create a new message. + */ +export const SecretsConfigSchema: GenMessage = /*@__PURE__*/ + messageDesc(file_ctrl_v1_secrets, 0); + diff --git a/go/gen/proto/ctrl/v1/secrets.pb.go b/go/gen/proto/ctrl/v1/secrets.pb.go new file mode 100644 index 0000000000..8c947ee05a --- /dev/null +++ b/go/gen/proto/ctrl/v1/secrets.pb.go @@ -0,0 +1,131 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.8 +// protoc (unknown) +// source: ctrl/v1/secrets.proto + +package ctrlv1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// SecretsConfig is stored in the deployments table +// Contains encrypted environment variables snapshotted at deploy time +type SecretsConfig struct { + state protoimpl.MessageState `protogen:"open.v1"` + // key -> encrypted value + Secrets map[string]string `protobuf:"bytes,1,rep,name=secrets,proto3" json:"secrets,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SecretsConfig) Reset() { + *x = SecretsConfig{} + mi := &file_ctrl_v1_secrets_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SecretsConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SecretsConfig) ProtoMessage() {} + +func (x *SecretsConfig) ProtoReflect() protoreflect.Message { + mi := &file_ctrl_v1_secrets_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SecretsConfig.ProtoReflect.Descriptor instead. +func (*SecretsConfig) Descriptor() ([]byte, []int) { + return file_ctrl_v1_secrets_proto_rawDescGZIP(), []int{0} +} + +func (x *SecretsConfig) GetSecrets() map[string]string { + if x != nil { + return x.Secrets + } + return nil +} + +var File_ctrl_v1_secrets_proto protoreflect.FileDescriptor + +const file_ctrl_v1_secrets_proto_rawDesc = "" + + "\n" + + "\x15ctrl/v1/secrets.proto\x12\actrl.v1\"\x8a\x01\n" + + "\rSecretsConfig\x12=\n" + + "\asecrets\x18\x01 \x03(\v2#.ctrl.v1.SecretsConfig.SecretsEntryR\asecrets\x1a:\n" + + "\fSecretsEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x8e\x01\n" + + "\vcom.ctrl.v1B\fSecretsProtoP\x01Z4github.com/unkeyed/unkey/go/gen/proto/ctrl/v1;ctrlv1\xa2\x02\x03CXX\xaa\x02\aCtrl.V1\xca\x02\aCtrl\\V1\xe2\x02\x13Ctrl\\V1\\GPBMetadata\xea\x02\bCtrl::V1b\x06proto3" + +var ( + file_ctrl_v1_secrets_proto_rawDescOnce sync.Once + file_ctrl_v1_secrets_proto_rawDescData []byte +) + +func file_ctrl_v1_secrets_proto_rawDescGZIP() []byte { + file_ctrl_v1_secrets_proto_rawDescOnce.Do(func() { + file_ctrl_v1_secrets_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_ctrl_v1_secrets_proto_rawDesc), len(file_ctrl_v1_secrets_proto_rawDesc))) + }) + return file_ctrl_v1_secrets_proto_rawDescData +} + +var file_ctrl_v1_secrets_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_ctrl_v1_secrets_proto_goTypes = []any{ + (*SecretsConfig)(nil), // 0: ctrl.v1.SecretsConfig + nil, // 1: ctrl.v1.SecretsConfig.SecretsEntry +} +var file_ctrl_v1_secrets_proto_depIdxs = []int32{ + 1, // 0: ctrl.v1.SecretsConfig.secrets:type_name -> ctrl.v1.SecretsConfig.SecretsEntry + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_ctrl_v1_secrets_proto_init() } +func file_ctrl_v1_secrets_proto_init() { + if File_ctrl_v1_secrets_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_ctrl_v1_secrets_proto_rawDesc), len(file_ctrl_v1_secrets_proto_rawDesc)), + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_ctrl_v1_secrets_proto_goTypes, + DependencyIndexes: file_ctrl_v1_secrets_proto_depIdxs, + MessageInfos: file_ctrl_v1_secrets_proto_msgTypes, + }.Build() + File_ctrl_v1_secrets_proto = out.File + file_ctrl_v1_secrets_proto_goTypes = nil + file_ctrl_v1_secrets_proto_depIdxs = nil +} diff --git a/go/proto/ctrl/v1/secrets.proto b/go/proto/ctrl/v1/secrets.proto new file mode 100644 index 0000000000..4a724cd55c --- /dev/null +++ b/go/proto/ctrl/v1/secrets.proto @@ -0,0 +1,11 @@ +syntax = "proto3"; +package ctrl.v1; + +option go_package = "github.com/unkeyed/unkey/go/gen/proto/ctrl/v1;ctrlv1"; + +// SecretsConfig is stored in the deployments table +// Contains encrypted environment variables snapshotted at deploy time +message SecretsConfig { + // key -> encrypted value + map secrets = 1; +} From ac2921865f2e45445c07829a795ade60ce752273 Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Wed, 3 Dec 2025 13:11:51 +0000 Subject: [PATCH 4/4] [autofix.ci] apply automated fixes --- apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts b/apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts index 65f4a72f2f..493806e854 100644 --- a/apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts +++ b/apps/dashboard/gen/proto/ctrl/v1/secrets_pb.ts @@ -2,15 +2,18 @@ // @generated from file ctrl/v1/secrets.proto (package ctrl.v1, syntax proto3) /* eslint-disable */ +import type { Message } from "@bufbuild/protobuf"; import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2"; import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2"; -import type { Message } from "@bufbuild/protobuf"; /** * Describes the file ctrl/v1/secrets.proto. */ -export const file_ctrl_v1_secrets: GenFile = /*@__PURE__*/ - fileDesc("ChVjdHJsL3YxL3NlY3JldHMucHJvdG8SB2N0cmwudjEidQoNU2VjcmV0c0NvbmZpZxI0CgdzZWNyZXRzGAEgAygLMiMuY3RybC52MS5TZWNyZXRzQ29uZmlnLlNlY3JldHNFbnRyeRouCgxTZWNyZXRzRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgJOgI4AUKOAQoLY29tLmN0cmwudjFCDFNlY3JldHNQcm90b1ABWjRnaXRodWIuY29tL3Vua2V5ZWQvdW5rZXkvZ28vZ2VuL3Byb3RvL2N0cmwvdjE7Y3RybHYxogIDQ1hYqgIHQ3RybC5WMcoCB0N0cmxcVjHiAhNDdHJsXFYxXEdQQk1ldGFkYXRh6gIIQ3RybDo6VjFiBnByb3RvMw"); +export const file_ctrl_v1_secrets: GenFile = + /*@__PURE__*/ + fileDesc( + "ChVjdHJsL3YxL3NlY3JldHMucHJvdG8SB2N0cmwudjEidQoNU2VjcmV0c0NvbmZpZxI0CgdzZWNyZXRzGAEgAygLMiMuY3RybC52MS5TZWNyZXRzQ29uZmlnLlNlY3JldHNFbnRyeRouCgxTZWNyZXRzRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgJOgI4AUKOAQoLY29tLmN0cmwudjFCDFNlY3JldHNQcm90b1ABWjRnaXRodWIuY29tL3Vua2V5ZWQvdW5rZXkvZ28vZ2VuL3Byb3RvL2N0cmwvdjE7Y3RybHYxogIDQ1hYqgIHQ3RybC5WMcoCB0N0cmxcVjHiAhNDdHJsXFYxXEdQQk1ldGFkYXRh6gIIQ3RybDo6VjFiBnByb3RvMw", + ); /** * SecretsConfig is stored in the deployments table @@ -31,6 +34,6 @@ export type SecretsConfig = Message<"ctrl.v1.SecretsConfig"> & { * Describes the message ctrl.v1.SecretsConfig. * Use `create(SecretsConfigSchema)` to create a new message. */ -export const SecretsConfigSchema: GenMessage = /*@__PURE__*/ +export const SecretsConfigSchema: GenMessage = + /*@__PURE__*/ messageDesc(file_ctrl_v1_secrets, 0); -