public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
60,617 Commits 655 Branches 650 Tags
8eef17cb37fc3b56cab9b052d80b6ded998912c7
Commit Graph

22 Commits

Author SHA1 Message Date
Bruno baa89f3eac Secrets: encryption encryption storage uses versioning (#108036) 
* Secrets: delete unused FakeKeeper

* Secrets: encrypted value storage stores versions

* add version to span

* trigger build

* remove ineffectual assignment

* lint

* drop secret_encrypted_value.uid / add name and version columns
 2025-07-14 09:28:07 -03:00
Matheus Macabu 9c1b2fb792 Secrets: Bump API version to v1beta1 (#108026) 2025-07-11 19:14:05 +02:00
Bruno 9d0a23e1f5 Secrets: add crudl+decrypt state machine test (#107971) 
* Secrets: add state machine test for CRUDL+decrpt operations

* make update-workspace

* make update-workspace

* make enterprise-dev

* make update-workspace

* fix go.mod

* make update-workspace

* fix gomod

* make update-workspace

---------

Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
 2025-07-11 09:40:50 -03:00
Bruno 8283d35e56 Secrets: make operations sync (#107732) 
* Secrets: make operations sync

* k8s gen / update query to list secure values to include the version

* always store new version of a secret

* make update-workspace

* go mod tidy

* update queries

* update queries

* improve and use testutils in decrypt_store_test

* fix broken test

* make update-workspace

* ./hack/update-codegen.sh secret

* update Test_SecureValueMetadataStorage_CreateAndRead

* undo dependency changes

* linter: fix remaining errors

---------

Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-07-09 10:43:34 -03:00
Dana Axinte 46c38fdbb7 SecretsManager: Introduce worker and secret async service (#107614) 
SecretsManager: Introduce worker and secret aysnc service

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
 2025-07-04 13:13:48 +01:00
Dana Axinte 15e1aa8855 SecretsManager: Introduce decrypt store (#107586) 
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
 2025-07-04 09:22:10 +01:00
Dana Axinte a59ec345c2 SecretsManager: Introduce metrics and logs (#107582) 
Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
 2025-07-03 17:32:18 +01:00
Dana Axinte cfd3b9f582 SecretsManager: outbox use message id (#107472) 
* SecretsManager: outbox use message id

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>

* Remove query timestamp

* Add missing query

---------

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
 2025-07-03 15:21:47 +01:00
Dana Axinte 4d8678c7f2 SecretsManager: Add base encryption manager (#107562) 
Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-07-03 11:29:14 +01:00
Matheus Macabu f32d944b23 Secrets: Add initial tracing instrumentation (#107513) 2025-07-02 14:43:36 +02:00
Dana Axinte 01c844b69f SecretsManager: Revert adding data key tracer (#107499) 
Remove data key tracer
 2025-07-02 09:09:12 +01:00
Dana Axinte 0fccc01ebe SecretsManager: add data key store (#107396) 
* SecretsManager: Add data key store

Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>

* SecretsManager: Add wiring of data key store

Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>

---------

Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-06-30 17:17:07 +01:00
Dana Axinte dbe815ee68 SecretsManager: keepers with secure values credentials (#106761) 
* SecretsManager: keepers with secure values

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>

* Keepers: Refactor extract secure values remove extra helper functions

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

---------

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-06-16 14:37:36 +01:00
Dana Axinte 6097841e67 SecretsManager: add secure value store (#106708) 
* SecretsManager: add secure value model and sql templates

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>

* SecretsManager: secure value rest layer to use store

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>

* SecretsManager: temporary add actor prefix to decrypters

* Remove list securevalue by namefor now

---------

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
 2025-06-16 10:19:44 +01:00
Dana Axinte de28231f2f SecretsManager: Add outbox store (#106613) 
SecretsManager: add outbox store

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-06-12 13:31:48 +01:00
Dana Axinte c22b4845bb SecretsManager: Add encrypted value store (#106607) 
* SecretsManager: add encrypted value store

Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>

* SecretsManager: wiring of encrypted value store

---------

Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
 2025-06-12 11:52:01 +01:00
Dana Axinte 5401175562 SecretsManager: Conditionally lock DB before migrations using config setting (#106003) 
Secrets: Conditionally lock DB before migrations using config setting (#105949)

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-05-26 18:28:53 +01:00
Dana Axinte 7f2923d4ed SecretsManager: Introduce keeper store (#105557) 
* SecretsManager: Introduce secret database wrapper

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* SecretsManager: Introduce db migrator with keeper table

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* SecretsManager: Introduce keeper store

Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* new line

* without query listByNameSecureValue

* remove unused extractSecureValues for now

* SecretsManager: Add keeper integration tests

Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

---------

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-05-22 14:26:47 +01:00
Dana Axinte 6e5e133f7d SecretsManager: Introduce db migrator with keeper table (#105538) 
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-05-21 15:02:51 +01:00
Dana Axinte a7922912fe SecretsManager: Introduce secrets database wrapper (#105472) 
SecretsManager: Introduce secret database wrapper

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-05-20 11:48:47 +01:00
Dana Axinte 8c64078965 SecretsManager: Keeper and secure value contracts, secretkeeper changes (#105379) 
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-05-14 15:24:25 +01:00
Matheus Macabu 3aba5cb2b7 SecretsManager: Bootstrap API service (#102444) 
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>
 2025-03-19 13:41:29 +01:00