store

package

v0.0.0-...-735dfe8 Latest Latest Go to latest Published: Mar 13, 2026 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/envsync-cloud/minikms

Links

Open Source Insights

Documentation ¶

Index ¶

type OrgSecurityPolicy
type PostgresStore
- func NewPostgresStore(ctx context.Context, connString string) (*PostgresStore, error)
type RedisStore
- func NewRedisStore(ctx context.Context, redisURL string) (*RedisStore, error)
type VaultEntry
type VaultListItem

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type OrgSecurityPolicy ¶

type OrgSecurityPolicy struct {
	OrgID              string
	RequireBYOK        bool
	SessionDurationSec int
	MaxSessionTokens   int
	RequireMFAForAdmin bool
	ShamirThreshold    int
	ShamirTotalShares  int
}

OrgSecurityPolicy represents a row in the org_security_policy table.

type PostgresStore ¶

type PostgresStore struct {
	// contains filtered or unexported fields
}

PostgresStore implements all store interfaces using PostgreSQL via pgx.

func NewPostgresStore ¶

func NewPostgresStore(ctx context.Context, connString string) (*PostgresStore, error)

NewPostgresStore creates a new PostgresStore with a connection pool.

func (*PostgresStore) CleanupExpired ¶

func (s *PostgresStore) CleanupExpired(ctx context.Context) error

func (*PostgresStore) Close ¶

func (s *PostgresStore) Close()

Close closes the connection pool.

func (*PostgresStore) CreateKeyVersion ¶

func (s *PostgresStore) CreateKeyVersion(ctx context.Context, record *keys.KeyVersionRecord) error

func (*PostgresStore) DestroyVaultEntry ¶

func (s *PostgresStore) DestroyVaultEntry(ctx context.Context, orgID, scopeID, entryType, key string, envTypeID *string, version int) (int, error)

DestroyVaultEntry permanently deletes vault entry versions. If version is 0, destroys all versions.

func (*PostgresStore) GetActiveKeyVersion ¶

func (s *PostgresStore) GetActiveKeyVersion(ctx context.Context, orgID, appID string) (*keys.KeyVersionRecord, error)

func (*PostgresStore) GetCRLEntries ¶

func (s *PostgresStore) GetCRLEntries(ctx context.Context, issuerSerial string) ([]pkistore.CRLEntryRecord, error)

func (*PostgresStore) GetCertRevocationEntry ¶

func (s *PostgresStore) GetCertRevocationEntry(ctx context.Context, serialNumber string) (*pkistore.CRLEntryRecord, error)

func (*PostgresStore) GetCertificateBySerial ¶

func (s *PostgresStore) GetCertificateBySerial(ctx context.Context, serialNumber string) (*pkistore.CertRecord, error)

func (*PostgresStore) GetCertificateBySerialWithKey ¶

func (s *PostgresStore) GetCertificateBySerialWithKey(ctx context.Context, serialNumber string) (*pkistore.CertRecord, error)

func (*PostgresStore) GetEntries ¶

func (s *PostgresStore) GetEntries(ctx context.Context, orgID string, limit, offset int) ([]*audit.AuditEntry, error)

func (*PostgresStore) GetLatestEntryHash ¶

func (s *PostgresStore) GetLatestEntryHash(ctx context.Context, orgID string) (string, error)

func (*PostgresStore) GetLatestVaultEntry ¶

func (s *PostgresStore) GetLatestVaultEntry(ctx context.Context, orgID, scopeID, entryType, key string, envTypeID *string) (*VaultEntry, error)

GetLatestVaultEntry returns the latest non-deleted, non-destroyed version of a vault entry.

func (*PostgresStore) GetNextCRLNumber ¶

func (s *PostgresStore) GetNextCRLNumber(ctx context.Context, issuerSerial string) (int64, error)

func (*PostgresStore) GetNextVaultVersion ¶

func (s *PostgresStore) GetNextVaultVersion(ctx context.Context, orgID, scopeID, entryType, key string, envTypeID *string) (int, error)

GetNextVaultVersion returns the next version number for a vault entry.

func (*PostgresStore) GetOrgCA ¶

func (s *PostgresStore) GetOrgCA(ctx context.Context, orgID string) (*pkistore.CertRecord, error)

func (*PostgresStore) GetOrgCAWrap ¶

func (s *PostgresStore) GetOrgCAWrap(ctx context.Context, orgID, memberID string) (*keys.OrgCAWrapRecord, error)

func (*PostgresStore) GetOrgCAWraps ¶

func (s *PostgresStore) GetOrgCAWraps(ctx context.Context, orgID string) ([]*keys.OrgCAWrapRecord, error)

func (*PostgresStore) GetOrgSecurityPolicy ¶

func (s *PostgresStore) GetOrgSecurityPolicy(ctx context.Context, orgID string) (*OrgSecurityPolicy, error)

func (*PostgresStore) GetToken ¶

func (s *PostgresStore) GetToken(ctx context.Context, jti string) (*auth.TokenEntry, error)

func (*PostgresStore) GetTokensBySubject ¶

func (s *PostgresStore) GetTokensBySubject(ctx context.Context, subjectHash string) ([]*auth.TokenEntry, error)

GetTokensBySubject returns all active tokens for a given subject hash.

func (*PostgresStore) GetVaultEntryHistory ¶

func (s *PostgresStore) GetVaultEntryHistory(ctx context.Context, orgID, scopeID, entryType, key string, envTypeID *string) ([]*VaultEntry, error)

GetVaultEntryHistory returns all versions of a vault entry (for history).

func (*PostgresStore) GetVaultEntryVersion ¶

func (s *PostgresStore) GetVaultEntryVersion(ctx context.Context, orgID, scopeID, entryType, key string, envTypeID *string, version int) (*VaultEntry, error)

GetVaultEntryVersion returns a specific version of a vault entry.

func (*PostgresStore) IncrementEncryptionCount ¶

func (s *PostgresStore) IncrementEncryptionCount(ctx context.Context, keyVersionID string) (int64, error)

func (*PostgresStore) InsertCRLEntry ¶

func (s *PostgresStore) InsertCRLEntry(ctx context.Context, entry *pkistore.CRLEntryRecord) error

func (*PostgresStore) InsertEntry ¶

func (s *PostgresStore) InsertEntry(ctx context.Context, entry *audit.AuditEntry) error

func (*PostgresStore) ListVaultEntries ¶

func (s *PostgresStore) ListVaultEntries(ctx context.Context, orgID, scopeID, entryType string, envTypeID *string) ([]VaultListItem, error)

ListVaultEntries returns all active keys within a scope.

func (*PostgresStore) RevokeOrgCAWrap ¶

func (s *PostgresStore) RevokeOrgCAWrap(ctx context.Context, orgID, memberID string) error

func (*PostgresStore) RevokeToken ¶

func (s *PostgresStore) RevokeToken(ctx context.Context, jti string) error

func (*PostgresStore) RevokeTokensBySubject ¶

func (s *PostgresStore) RevokeTokensBySubject(ctx context.Context, subjectHash string) (int, error)

RevokeTokensBySubject revokes all active tokens for a given subject hash.

func (*PostgresStore) SoftDeleteVaultEntry ¶

func (s *PostgresStore) SoftDeleteVaultEntry(ctx context.Context, orgID, scopeID, entryType, key string, envTypeID *string) error

SoftDeleteVaultEntry marks a vault entry as deleted (recoverable).

func (*PostgresStore) StoreCertificate ¶

func (s *PostgresStore) StoreCertificate(ctx context.Context, rec *pkistore.CertRecord) error

func (*PostgresStore) StoreCertificateWithKey ¶

func (s *PostgresStore) StoreCertificateWithKey(ctx context.Context, rec *pkistore.CertRecord) error

func (*PostgresStore) StoreOrgCAWrap ¶

func (s *PostgresStore) StoreOrgCAWrap(ctx context.Context, record *keys.OrgCAWrapRecord) error

func (*PostgresStore) StoreToken ¶

func (s *PostgresStore) StoreToken(ctx context.Context, entry *auth.TokenEntry) error

func (*PostgresStore) UpdateCertificateStatus ¶

func (s *PostgresStore) UpdateCertificateStatus(ctx context.Context, serialNumber, status string) error

func (*PostgresStore) UpdateKeyStatus ¶

func (s *PostgresStore) UpdateKeyStatus(ctx context.Context, keyVersionID string, status string) error

func (*PostgresStore) UpsertOrgSecurityPolicy ¶

func (s *PostgresStore) UpsertOrgSecurityPolicy(ctx context.Context, policy *OrgSecurityPolicy) error

func (*PostgresStore) VerifyChain ¶

func (s *PostgresStore) VerifyChain(ctx context.Context, orgID string) (bool, error)

func (*PostgresStore) WriteVaultEntry ¶

func (s *PostgresStore) WriteVaultEntry(ctx context.Context, entry *VaultEntry) error

WriteVaultEntry inserts a new version of a vault entry.

type RedisStore ¶

type RedisStore struct {
	// contains filtered or unexported fields
}

RedisStore provides Redis operations for caching and rate limiting.

func NewRedisStore ¶

func NewRedisStore(ctx context.Context, redisURL string) (*RedisStore, error)

NewRedisStore creates a new RedisStore from a connection URL.

func (*RedisStore) CacheCRL ¶

func (s *RedisStore) CacheCRL(ctx context.Context, issuerSerial string, crlDER []byte, ttl time.Duration) error

CacheCRL stores a CRL in Redis with a TTL.

func (*RedisStore) Client ¶

func (s *RedisStore) Client() *redis.Client

Client returns the underlying Redis client.

func (*RedisStore) Close ¶

func (s *RedisStore) Close() error

Close closes the Redis connection.

func (*RedisStore) GetCachedCRL ¶

func (s *RedisStore) GetCachedCRL(ctx context.Context, issuerSerial string) ([]byte, error)

GetCachedCRL retrieves a cached CRL from Redis.

type VaultEntry ¶

type VaultEntry struct {
	ID             string
	OrgID          string
	ScopeID        string
	EntryType      string
	Key            string
	EnvTypeID      *string
	EncryptedValue []byte
	KeyVersionID   string
	Version        int
	CreatedAt      time.Time
	DeletedAt      *time.Time
	Destroyed      bool
	CreatedBy      *string
}

VaultEntry represents a row in the vault_entries table.

type VaultListItem ¶

type VaultListItem struct {
	Key           string
	LatestVersion int
	CreatedAt     time.Time
	UpdatedAt     time.Time
}

VaultListItem represents a summary entry for vault listing.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL