dbcrypt

package

v2.21.3 Latest Latest Go to latest Published: Apr 29, 2025 License: AGPL-3.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/coder/coder

Links

Open Source Insights

Documentation ¶

Overview ¶

Package dbcrypt provides a database.Store wrapper that encrypts/decrypts values stored at rest in the database.

Encryption is done using Ciphers, which is an abstraction over a set of encryption keys. Each key has a unique identifier, which is used to uniquely identify the key whilst maintaining secrecy.

Currently, AES-256-GCM is the only implemented cipher mode. The Cipher is currently used to encrypt/decrypt the following fields: - database.UserLink.OAuthAccessToken - database.UserLink.OAuthRefreshToken - database.GitAuthLink.OAuthAccessToken - database.GitAuthLink.OAuthRefreshToken - database.DBCryptSentinelValue

Multiple ciphers can be provided to support key rotation. The primary cipher is used to encrypt and decrypt all data. Secondary ciphers are only used for decryption and, as a general rule, should only be active when rotating keys.

Encryption keys are stored in the database in the table `dbcrypt_keys`. The table has the following schema:

number: the key number. This is used to avoid conflicts when rotating keys.
created_at: the time the key was created.
active_key_digest: the SHA256 digest of the active key. If null, the key has been revoked.
revoked_key_digest: the SHA256 digest of the revoked key. If null, the key has not been revoked.
revoked_at: the time the key was revoked. If null, the key has not been revoked.
test: the encrypted value of the string "coder". This is used to ensure that the key is valid.

Encrypted fields are stored in the database as a base64-encoded string. Each encrypted column MUST have a corresponding _key_id column that is a foreign key reference to `dbcrypt_keys.active_key_digest`. This ensures that a key cannot be revoked until all rows that use that key have been migrated to a new key.

Index ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Decrypt ¶

func Decrypt(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Cipher) error

Decrypt decrypts all user tokens and revokes all ciphers.

func Delete ¶

func Delete(ctx context.Context, log slog.Logger, sqlDB *sql.DB) error

Delete deletes all user tokens and revokes all ciphers. This is a destructive operation and should only be used as a last resort, for example, if the database encryption key has been lost.

func New ¶

func New(ctx context.Context, db database.Store, ciphers ...Cipher) (database.Store, error)

New creates a database.Store wrapper that encrypts/decrypts values stored at rest in the database.

func Rotate ¶

func Rotate(ctx context.Context, log slog.Logger, sqlDB *sql.DB, ciphers []Cipher) error

Rotate rotates the database encryption keys by re-encrypting all user tokens with the first cipher and revoking all other ciphers.

Types ¶

type Cipher ¶

type Cipher interface {
	Encrypt([]byte) ([]byte, error)
	Decrypt([]byte) ([]byte, error)
	HexDigest() string
}

func NewCiphers ¶

func NewCiphers(keys ...[]byte) ([]Cipher, error)

NewCiphers is a convenience function for creating multiple ciphers. It currently only supports AES-256-GCM.

type DecryptFailedError ¶

type DecryptFailedError struct {
	Inner error
}

DecryptFailedError is returned when decryption fails.

func (*DecryptFailedError) Error ¶

func (e *DecryptFailedError) Error() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL