feat: encryption keys in database (#3265)

* enable overwrite of adminUser fields in defaults.yaml * create schema and table * cli: create keys * cli: create keys * read encryptionkey from db * merge v2 * file names * cleanup defaults.yaml * remove custom errors * load encryptionKeys on start * cleanup * fix merge * update system defaults * fix error message
2025-08-11 21:37:32 +00:00 · 2022-03-14 07:55:09 +01:00
parent 7899a0b851
commit 5463244376
57 changed files with 1618 additions and 471 deletions
--- a/internal/config/systemdefaults/system_defaults.go
+++ b/internal/config/systemdefaults/system_defaults.go
@@ -6,25 +6,17 @@ import (
 	"golang.org/x/text/language"

 	"github.com/caos/zitadel/internal/crypto"
-	"github.com/caos/zitadel/internal/notification/channels/fs"
-	"github.com/caos/zitadel/internal/notification/channels/log"
-	"github.com/caos/zitadel/internal/notification/channels/twilio"
-	"github.com/caos/zitadel/internal/notification/templates"
 )

 type SystemDefaults struct {
-	DefaultLanguage             language.Tag
-	Domain                      string
-	ZitadelDocs                 ZitadelDocs
-	SecretGenerators            SecretGenerators
-	UserVerificationKey         *crypto.KeyConfig
-	IDPConfigVerificationKey    *crypto.KeyConfig
-	SMTPPasswordVerificationKey *crypto.KeyConfig
-	SMSVerificationKey          *crypto.KeyConfig
-	Multifactors                MultifactorConfig
-	DomainVerification          DomainVerification
-	Notifications               Notifications
-	KeyConfig                   KeyConfig
+	DefaultLanguage    language.Tag
+	Domain             string
+	ZitadelDocs        ZitadelDocs
+	SecretGenerators   SecretGenerators
+	Multifactors       MultifactorConfig
+	DomainVerification DomainVerification
+	Notifications      Notifications
+	KeyConfig          KeyConfig
 }

 type ZitadelDocs struct {
@@ -43,20 +35,16 @@ type MultifactorConfig struct {
 }

 type OTPConfig struct {
-	Issuer          string
-	VerificationKey *crypto.KeyConfig
+	Issuer string
 }

 type DomainVerification struct {
-	VerificationKey       *crypto.KeyConfig
 	VerificationGenerator crypto.GeneratorConfig
 }

 type Notifications struct {
-	DebugMode      bool
 	Endpoints      Endpoints
 	FileSystemPath string
-	//Providers Channels
 }

 type Endpoints struct {
@@ -67,20 +55,6 @@ type Endpoints struct {
 	PasswordlessRegistration string
 }

-type Channels struct {
-	Twilio     twilio.TwilioConfig
-	FileSystem fs.FSConfig
-	Log        log.LogConfig
-}
-
-type TemplateData struct {
-	InitCode      templates.TemplateData
-	PasswordReset templates.TemplateData
-	VerifyEmail   templates.TemplateData
-	VerifyPhone   templates.TemplateData
-	DomainClaimed templates.TemplateData
-}
-
 type KeyConfig struct {
 	Size                     int
 	PrivateKeyLifetime       time.Duration