forked from taskcluster/taskcluster
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path0042-migration.sql
24 lines (22 loc) · 948 Bytes
/
0042-migration.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
begin
-- lock this table before reading from it, to prevent loss of concurrent
-- updates when the table is dropped. Note that this may lead to concurrent
-- updates failing; the important thing is that they not succeed without
-- taking effect. Failed updates will be retried.
lock table secrets_entities;
create table secrets
as
select
(value ->> 'name')::text as name,
entity_to_crypto_container_v0(value,'secret') as encrypted_secret,
(value ->> 'expires')::timestamptz as expires
from secrets_entities;
alter table secrets add primary key (name);
alter table secrets
alter column name set not null,
alter column encrypted_secret set not null,
alter column expires set not null;
revoke select, insert, update, delete on secrets_entities from $db_user_prefix$_secrets;
drop table secrets_entities;
grant select, insert, update, delete on secrets to $db_user_prefix$_secrets;
end