feat: encryption keys in database (#3265)

* enable overwrite of adminUser fields in defaults.yaml * create schema and table * cli: create keys * cli: create keys * read encryptionkey from db * merge v2 * file names * cleanup defaults.yaml * remove custom errors * load encryptionKeys on start * cleanup * fix merge * update system defaults * fix error message
2025-08-12 01:47:33 +00:00 · 2022-03-14 07:55:09 +01:00
parent 7899a0b851
commit 5463244376
57 changed files with 1618 additions and 471 deletions
--- a/internal/query/projection/key.go
+++ b/internal/query/projection/key.go
@@ -26,17 +26,15 @@ const (
 	KeyPublicTable     = KeyProjectionTable + "_" + publicKeyTableSuffix
 )

-func NewKeyProjection(ctx context.Context, config crdb.StatementHandlerConfig, keyConfig *crypto.KeyConfig, keyChan chan<- interface{}) (_ *KeyProjection, err error) {
+func NewKeyProjection(ctx context.Context, config crdb.StatementHandlerConfig, keyEncryptionAlgorithm crypto.EncryptionAlgorithm, keyChan chan<- interface{}) *KeyProjection {
 	p := new(KeyProjection)
 	config.ProjectionName = KeyProjectionTable
 	config.Reducers = p.reducers()
 	p.StatementHandler = crdb.NewStatementHandler(ctx, config)
 	p.keyChan = keyChan
-	p.encryptionAlgorithm, err = crypto.NewAESCrypto(keyConfig)
-	if err != nil {
-		return nil, err
-	}
-	return p, nil
+	p.encryptionAlgorithm = keyEncryptionAlgorithm
+
+	return p
 }

 func (p *KeyProjection) reducers() []handler.AggregateReducer {