feat: reland vault w/o pgsodium #1452
Conversation
This reverts commit 447f449.
soedirgo
force-pushed
the
feat/reland-vault-wo-pgsodium
branch
7 times, most recently
from
849d90c to
073e79b
Compare
soedirgo
force-pushed
the
feat/reland-vault-wo-pgsodium
branch
from
073e79b to
193941e
Compare
|
Just wanted to check the status of this; we need vault 0.3.1 since it fixes a bug where secrets cannot be empty. Any updates? |
|
Hey @barrownicholas, this should be available on new & upgraded projects in a few weeks |
| REENCRYPT_VAULT_SECRETS_QUERY=$(cat <<EOF | ||
| DO \$\$ | ||
| BEGIN | ||
| IF EXISTS (SELECT FROM pg_available_extension_versions WHERE name = 'supabase_vault' AND version = '0.3.0') |
There was a problem hiding this comment.
Is this supposed to be 0.3.0?? The PR is bumping it from 0.2.9 to 0.3.1, where does 0.3.0 come in from?
Also it feels like this patch would need to be executed even if in the future we were on e.g. 0.3.2, and we're likely going to forget to do so?
There was a problem hiding this comment.
Yep, the query runs for all versions >= 0.3.0. Vault >=0.3.1 would still have 0.3.0 in pg_available_extension_versions
|
@doublethink @staaldraad can you please have a look at this to make sure you don't see any known security issues with these changes, and thanks! |
* Reapply "feat: vault sans pgsodium" This reverts commit 447f449. * chore: update schema snapshots * chore: print regress diffs for easier debugging * chore: remove pgsodium priv checks * fix: move it out of if else * chore: bump version * chore: bump version
Reland #1431; the migration has been merged in #1442
Tested flows on local infra:
drop extension supabase_vault cascade;select * from vault.decrypted_secretsselect * from vault.decrypted_secretsdrop extension pgsodiumselect * from vault.decrypted_secretsselect * from vault.decrypted_secrets