Revert "chore: enable Vault (#598)" (#607)
This reverts commit a157038.
darora committed Apr 5, 2023
1 parent a157038 commit c96f234
Showing 6 changed files with 6 additions and 74 deletions.
4 changes: 2 additions & 2 deletions ansible/tasks/setup-extensions.yml
@@ -64,8 +64,8 @@
- name: Install auto_explain
import_tasks: tasks/postgres-extensions/21-auto_explain.yml

- name: Install vault
import_tasks: tasks/postgres-extensions/23-vault.yml
# - name: Install vault
# import_tasks: tasks/postgres-extensions/23-vault.yml

- name: Install PGroonga
import_tasks: tasks/postgres-extensions/24-pgroonga.yml
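Review bot: The Vault install task is switched off by commenting it out (`# - name: Install vault` / `# import_tasks: tasks/postgres-extensions/23-vault.yml`, taking the commented pair as the new side, as the revert title implies), with nothing recording why or under what condition it returns. The same pattern appears in the migration (`-- create extension if not exists supabase_vault;`) and in migrations/tests/extensions/test.sql (`-- \ir 23-vault.sql`). Either delete the lines and let history carry them, or put a one-line reason above each, for example `# vault disabled by #607; re-enable together with the migration and the 23-vault.sql test`. Without that, the three switches can be flipped back independently, and the image, the migration and the extension tests can drift apart.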
2 changes: 1 addition & 1 deletion common.vars.pkr.hcl
@@ -1 +1 @@
postgres-version = "15.1.0.65"
postgres-version = "15.1.0.65-disable.vault"
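--- a/ebssurrogate/files/unit-tests/unit-test-01.sql
+++ b/ebssurrogate/files/unit-tests/unit-test-01.sql
@@ -12,8 +12,7 @@ SELECT extensions_are(
 'pg_graphql',
 'pgcrypto',
 'pgjwt',
-'uuid-ossp',
-'supabase_vault'
+'uuid-ossp'
 ]
 );
 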
@@ -10,6 +10,6 @@ grant execute on function pgsodium.crypto_aead_det_decrypt(bytea, bytea, uuid, b
grant execute on function pgsodium.crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) to service_role;
grant execute on function pgsodium.crypto_aead_det_keygen to service_role;

create extension if not exists supabase_vault;
-- create extension if not exists supabase_vault;

-- migrate:down
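Review bot: Commenting out `create extension if not exists supabase_vault;` only affects databases that have not run this migration yet; a database that already applied the earlier version (presumably anything built from postgres-version 15.1.0.65) keeps the extension, and nothing visible in this section drops it. The `grant execute on function pgsodium.crypto_aead_det_decrypt/encrypt/keygen ... to service_role` lines above it remain as context, so if those grants were added only for Vault, `service_role` keeps direct access to the deterministic AEAD functions after the feature is turned off. I would either revoke them alongside the extension or record the reason inline, e.g. `-- pgsodium grants kept on purpose: <consumer other than supabase_vault>`. The `-- migrate:down` body lies outside the lines shown, so whether it handles either case cannot be checked here.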
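--- a/migrations/schema.sql
+++ b/migrations/schema.sql
@@ -79,13 +79,6 @@ CREATE SCHEMA realtime;
 CREATE SCHEMA storage;
 
 
---
--- Name: vault; Type: SCHEMA; Schema: -; Owner: -
---
-
-CREATE SCHEMA vault;
-
-
 --
 -- Name: pg_graphql; Type: EXTENSION; Schema: -; Owner: -
 --
@@ -142,20 +135,6 @@ CREATE EXTENSION IF NOT EXISTS pgjwt WITH SCHEMA extensions;
 COMMENT ON EXTENSION pgjwt IS 'JSON Web Token API for Postgresql';
 
 
---
--- Name: supabase_vault; Type: EXTENSION; Schema: -; Owner: -
---
-
-CREATE EXTENSION IF NOT EXISTS supabase_vault WITH SCHEMA vault;
-
-
---
--- Name: EXTENSION supabase_vault; Type: COMMENT; Schema: -; Owner: -
---
-
-COMMENT ON EXTENSION supabase_vault IS 'Supabase Vault Extension';
-
-
 --
 -- Name: uuid-ossp; Type: EXTENSION; Schema: -; Owner: -
 --
@@ -573,28 +552,6 @@ END
 $$;
 
 
---
--- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
---
-
-CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
-LANGUAGE plpgsql
-AS $$
-BEGIN
-new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
-CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
-pgsodium.crypto_aead_det_encrypt(
-pg_catalog.convert_to(new.secret, 'utf8'),
-pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
-new.key_id::uuid,
-new.nonce
-),
-'base64') END END;
-RETURN new;
-END;
-$$;
-
-
 SET default_tablespace = '';
 
 SET default_table_access_method = heap;
@@ -781,30 +738,6 @@ CREATE TABLE storage.objects (
 );
 
 
---
--- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: -
---
-
-CREATE VIEW vault.decrypted_secrets AS
-SELECT secrets.id,
-secrets.name,
-secrets.description,
-secrets.secret,
-CASE
-WHEN (secrets.secret IS NULL) THEN NULL::text
-ELSE
-CASE
-WHEN (secrets.key_id IS NULL) THEN NULL::text
-ELSE convert_from(pgsodium.crypto_aead_det_decrypt(decode(secrets.secret, 'base64'::text), convert_to(((((secrets.id)::text || secrets.description) || (secrets.created_at)::text) || (secrets.updated_at)::text), 'utf8'::name), secrets.key_id, secrets.nonce), 'utf8'::name)
-END
-END AS decrypted_secret,
-secrets.key_id,
-secrets.nonce,
-secrets.created_at,
-secrets.updated_at
-FROM vault.secrets;
-
-
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --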
2 changes: 1 addition & 1 deletion migrations/tests/extensions/test.sql
@@ -21,7 +21,7 @@
\ir 20-pg_stat_monitor.sql
\ir 21-auto_explain.sql
\ir 22-pg_jsonschema.sql
\ir 23-vault.sql
-- \ir 23-vault.sql
\ir 24-pgroonga.sql
\ir 25-wrappers.sql
\ir 26-hypopg.sql