feat: encryption keys in database (#3265)

* enable overwrite of adminUser fields in defaults.yaml * create schema and table * cli: create keys * cli: create keys * read encryptionkey from db * merge v2 * file names * cleanup defaults.yaml * remove custom errors * load encryptionKeys on start * cleanup * fix merge * update system defaults * fix error message
2025-08-11 19:07:30 +00:00 · 2022-03-14 07:55:09 +01:00
parent 7899a0b851
commit 5463244376
57 changed files with 1618 additions and 471 deletions
--- a/internal/crypto/file/file.go
+++ b/internal/crypto/file/file.go
@@ -0,0 +1,44 @@
+package file
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/caos/zitadel/internal/config"
+	"github.com/caos/zitadel/internal/crypto"
+)
+
+const (
+	ZitadelKeyPath = "ZITADEL_KEY_PATH"
+)
+
+type Storage struct{}
+
+func (d *Storage) ReadKeys() (crypto.Keys, error) {
+	path := os.Getenv(ZitadelKeyPath)
+	if path == "" {
+		return nil, fmt.Errorf("no path set, %s is empty", ZitadelKeyPath)
+	}
+	keys := new(crypto.Keys)
+	err := config.Read(keys, path)
+	return *keys, err
+}
+
+func (d *Storage) ReadKey(id string) (*crypto.Key, error) {
+	keys, err := d.ReadKeys()
+	if err != nil {
+		return nil, err
+	}
+	key, ok := keys[id]
+	if !ok {
+		return nil, fmt.Errorf("key no found")
+	}
+	return &crypto.Key{
+		ID:    id,
+		Value: key,
+	}, nil
+}
+
+func (d *Storage) CreateKeys(keys ...*crypto.Key) error {
+	return fmt.Errorf("this provider is not able to store new keys")
+}