Terminal / migrations /s360_vault_persistence.sql
Pulka
feat(sprint2): add vault_entries Supabase migration (run once in SQL editor)
bbe38b8 verified
Raw
History Blame Contribute Delete
1.08 kB
-- S360 — Vault encrypted-secret persistence (Sprint 2)
-- Run ONCE in Supabase SQL Editor: Dashboard → SQL Editor → New query → Run.
-- All statements are idempotent (IF NOT EXISTS).
-- ── vault_entries ─────────────────────────────────────────────────────────────
-- Stores AES-XOR-HMAC encrypted secrets. Plaintext is NEVER stored.
-- VAULT_KEY (HF Space secret) is required to decrypt values.
CREATE TABLE IF NOT EXISTS vault_entries (
key TEXT PRIMARY KEY,
value TEXT NOT NULL, -- base64(HMAC_sig || XOR-ciphertext)
description TEXT NOT NULL DEFAULT '',
created_at BIGINT NOT NULL DEFAULT 0,
updated_at BIGINT NOT NULL DEFAULT 0
);
-- Optional RLS (recommended if project uses it)
-- ALTER TABLE vault_entries ENABLE ROW LEVEL SECURITY;
-- CREATE POLICY "service only" ON vault_entries FOR ALL USING (auth.role() = 'service_role');
-- Confirm
SELECT 'vault_entries table ready' AS status;