add custom key id to create_secret and test. (#16)
* add custom key id to create_secret and test.

* bump version

Co-authored-by: Michel Pelletier <[email protected]>
michelp and Michel Pelletier authored Dec 7, 2022
1 parent 7c7f5a6 commit 816a05f
Showing 3 changed files with 30 additions and 9 deletions.
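--- a/sql/supabase_vault--0.2.0.sql
+++ b/sql/supabase_vault--0.2.1.sql
@@ -37,10 +37,15 @@ GRANT ALL PRIVILEGES ON vault.decrypted_secrets TO pgsodium_keyiduser;
 CREATE OR REPLACE FUNCTION vault.create_secret(
 new_secret text,
 new_name text = NULL,
-new_description text = '') RETURNS uuid AS
+new_description text = '',
+new_key_id uuid = NULL) RETURNS uuid AS
 $$
-INSERT INTO vault.secrets (secret, name, description)
-VALUES (new_secret, new_name, new_description)
+INSERT INTO vault.secrets (secret, name, description, key_id)
+VALUES (
+new_secret,
+new_name,
+new_description,
+CASE WHEN new_key_id IS NULL THEN (pgsodium.create_key()).id ELSE new_key_id END)
 RETURNING id;
 $$ LANGUAGE SQL;
 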
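Review bot: `new_key_id` is stored in `vault.secrets.key_id` by the `ELSE new_key_id` branch without any check that it names an existing, usable row in `pgsodium.key`, or that the caller is meant to encrypt under that key. Whether a foreign key or the encryption path rejects an unknown or retired id is not visible in this hunk, so that failure mode should be confirmed and pinned by a test rather than assumed. A comment above the function, for example `-- new_key_id: id of an existing pgsodium key; NULL creates a new key for this secret`, would also record that omitting the argument creates a new key on every call. As a style point, the `CASE` can be written `COALESCE(new_key_id, (pgsodium.create_key()).id)`, which PostgreSQL evaluates lazily, so no key is created when an id is supplied.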
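--- a/supabase_vault.control
+++ b/supabase_vault.control
@@ -1,5 +1,5 @@
 comment = 'Supabase Vault Extension'
-default_version = '0.2.0'
+default_version = '0.2.1'
 relocatable = false
 schema = vault
 requires = pgsodium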
26 changes: 21 additions & 5 deletions test.sql
Expand Up @@ -13,19 +13,31 @@ BEGIN;
CREATE EXTENSION IF NOT EXISTS pgtap;
CREATE EXTENSION supabase_vault CASCADE;

select plan(3);
select plan(4);

CREATE ROLE bob login password 'bob';
GRANT pgsodium_keyiduser TO bob;

select vault.create_secret ('s3kr3t_k3y', 'a_name', 'this is the foo key') test_secret_id \gset

select vault.create_secret (
's3kr3t_k3y_2', 'another_name', 'this is another foo key',
(select id from pgsodium.key where name = 'default_vault_key')) test_secret_id \gset

SELECT results_eq(
$$
SELECT decrypted_secret = 's3kr3t_k3y', description = 'this is the foo key'
FROM vault.decrypted_secrets WHERE name = 'a_name';
$$,
$$VALUES (true, true)$$,
'can select from masking view with custome key');

SELECT results_eq(
$$
SELECT decrypted_secret = 's3kr3t_k3y_2', description = 'this is another foo key'
FROM vault.decrypted_secrets WHERE key_id = (select id from pgsodium.key where name = 'default_vault_key');
$$,
$$VALUES (true, true)$$,
'can select from masking view');

select vault.update_secret(
Expand All @@ -51,10 +63,12 @@ select plan(3);
select vault.create_secret ('foo', 'bar', 'baz') bob_secret_id \gset

select results_eq(
format($test$
format(
$test$
SELECT (decrypted_secret COLLATE "default"), name, description FROM vault.decrypted_secrets
WHERE id = %L::uuid
$test$, :'bob_secret_id'),
$test$,
:'bob_secret_id'),
$results$values ('foo', 'bar', 'baz')$results$,
'bob can query a secret');

Expand All @@ -75,11 +89,13 @@ select results_eq(
select vault.update_secret(:'bob_secret_id', new_key_id:=(pgsodium.create_key()).id);

select results_eq(
format($test$
format(
$test$
SELECT (decrypted_secret COLLATE "default"), name, description
FROM vault.decrypted_secrets
WHERE id = %L::uuid;
$test$, :'bob_secret_id'),
$test$,
:'bob_secret_id'),
$results$values ('fooz', 'barz', 'bazz')$results$,
'bob can rotate a key id');

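Review bot: The second `vault.create_secret (...) test_secret_id \gset` in the first hunk reuses the psql variable set by the call above it, so `:'test_secret_id'` now holds the id of the custom-key secret. The `vault.update_secret(` call at the end of that hunk continues outside it, so if it reads that variable it now targets a different row than before; a separate name such as `custom_key_secret_id` would keep the two apart. In the same hunk the test descriptions look swapped: the assertion on `name = 'a_name'`, created without a key id, is labelled `'can select from masking view with custome key'`, while the assertion filtering on the `default_vault_key` id carries the plain label, and `custome` is a typo. The new coverage only exercises a key that exists; a case that passes a uuid absent from `pgsodium.key` would document how `create_secret` behaves for an invalid key id.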
