feat: encryption keys in database (#3265)

* enable overwrite of adminUser fields in defaults.yaml * create schema and table * cli: create keys * cli: create keys * read encryptionkey from db * merge v2 * file names * cleanup defaults.yaml * remove custom errors * load encryptionKeys on start * cleanup * fix merge * update system defaults * fix error message
2025-08-12 03:57:32 +00:00 · 2022-03-14 07:55:09 +01:00
parent 7899a0b851
commit 5463244376
57 changed files with 1618 additions and 471 deletions
--- a/internal/authz/repository/eventsourcing/repository.go
+++ b/internal/authz/repository/eventsourcing/repository.go
@@ -26,7 +26,7 @@ type EsRepository struct {
 	eventstore.TokenVerifierRepo
 }

-func Start(conf Config, systemDefaults sd.SystemDefaults, queries *query.Queries, dbClient *sql.DB, keyConfig *crypto.KeyConfig) (repository.Repository, error) {
+func Start(conf Config, systemDefaults sd.SystemDefaults, queries *query.Queries, dbClient *sql.DB, keyEncryptionAlgorithm crypto.EncryptionAlgorithm) (repository.Repository, error) {
 	es, err := v1.Start(dbClient)
 	if err != nil {
 		return nil, err
@@ -40,18 +40,13 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, queries *query.Queries

 	spool := spooler.StartSpooler(conf.Spooler, es, view, dbClient, systemDefaults)

-	keyAlgorithm, err := crypto.NewAESCrypto(keyConfig)
-	if err != nil {
-		return nil, err
-	}
-
 	return &EsRepository{
 		spool,
 		eventstore.UserMembershipRepo{
 			View: view,
 		},
 		eventstore.TokenVerifierRepo{
-			TokenVerificationKey: keyAlgorithm,
+			TokenVerificationKey: keyEncryptionAlgorithm,
 			Eventstore:           es,
 			View:                 view,
 			Query:                queries,