mirror of https://github.com/coder/coder.git synced 2025-07-09 11:45:56 +00:00

Files

Cian Johnston 7d7c84bb4d feat(coderd): connect dbcrypt package implementation (#9523 )

See also: https://github.com/coder/coder/pull/9522

- Adds commands `server dbcrypt {rotate,decrypt,delete}` to re-encrypt, decrypt, or delete encrypted data, respectively.
- Plumbs through dbcrypt in enterprise/coderd (including unit tests).
- Adds documentation in admin/encryption.md.

This enables dbcrypt by default, but the feature is soft-enforced on supplying external token encryption keys. Without specifying any keys, encryption/decryption is a no-op.

2023-09-07 15:49:49 +01:00

1.4 KiB

Generated

Raw Blame History

server dbcrypt rotate

Rotate database encryption keys.

Usage

coder server dbcrypt rotate [flags]

Options

--new-key


Type	`string`
Environment	`$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY`

The new external token encryption key. Must be base64-encoded.

--old-keys


Type	`string-array`
Environment	`$CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_OLD_KEYS`

The old external token encryption keys. Must be a comma-separated list of base64-encoded keys.

--postgres-url


Type	`string`
Environment	`$CODER_PG_CONNECTION_URL`

The connection URL for the Postgres database.

-y, --yes


Type	`bool`

Bypass prompts.

1.4 KiB Generated Raw Blame History