grafana

Author	SHA1	Message	Date
Bruno	9a641c651f	secrets: update test to accept []byte(nil) and []byte{} (#110630 ) Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>	2025-09-05 10:19:57 -03:00
Bruno	6b5cacfade	use standard sql in secure_value_lease_inactive.sql (#110532 ) * use standard sql in secure_value_lease_inactive.sql * ci	2025-09-04 10:01:05 -03:00
Bruno	f8cd7049e8	Secrets: garbage collection (#110247 ) * clean up older secret versions * start gargbage collection worker as background service * make gen-go * fix typo * make update-workspace * undo go mod changes * undo go work sum changes * Update pkg/registry/apis/secret/garbagecollectionworker/worker.go Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> * Update pkg/registry/apis/secret/garbagecollectionworker/worker.go Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> * default gc_worker_batch_size to 1 minute * fix typo * fix typo * add test to ensure cleaning up secure values is idempotent * make gen-go * make update-workspace * undo go.mod and .sum changes * undo enterprise imports --------- Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-09-02 11:11:01 -03:00
Matheus Macabu	1e926a29c0	Secrets: Extract external facing decrypt types to apps (#110432 )	2025-09-02 10:30:29 +02:00
Matheus Macabu	85c567609d	Secrets: Add result label for decryption errors (#110213 )	2025-08-27 14:09:43 +02:00
lean.dev	21fc58f632	SecretsManager: fix span name for SetVersion operations (#110035 ) SecretsManager: fix span name for SetVersion operations	2025-08-22 12:01:41 +00:00
Matheus Macabu	10508d0614	Secret/Keepers: Return already exists error from DB when creating keeper (#109782 )	2025-08-18 14:42:55 +02:00
Matheus Macabu	dfae5e5b4d	Secrets: Add namespace matches checks to authorizer and secure value client (#109651 ) * Decrypt: Add namespace matches to authorizer * SecureValueClient: Add namespace matches when auth checking	2025-08-14 11:50:56 +02:00
lean.dev	3106abf1a6	SecretsManager: clear unused metrics and standarize labels(#109515 )	2025-08-13 14:01:50 +01:00
Ryan McKinley	ace670c6d0	Secrets: Support variadic args in decrypt service (#109280 )	2025-08-07 09:54:24 +00:00
Matheus Macabu	81f544e186	Secrets: Add service name as explicit parameter for Decrypt (#109054 ) * Secrets: Add service name as explicit parameter for Decrypt * Apply suggestions from code review Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com> --------- Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>	2025-08-04 08:51:15 +02:00
Matheus Macabu	7374df7945	Secrets: Add inline secure value create method (#108987 )	2025-08-01 13:57:51 +02:00
lean.dev	e022b6593b	SecretsManager: fix log (#108970 )	2025-07-31 11:51:04 +00:00
Matheus Macabu	80d7892d6a	Secrets: Save owner reference fields in secure value db table (#108905 ) * Secrets: Save owner reference fields in secure value db table * Save api group and version separately	2025-07-31 10:42:19 +02:00
lean.dev	6bf542889a	SecretsManager: Refactor and clean metrics (#108908 )	2025-07-30 20:00:30 +01:00
Stephanie Hingtgen	ef9f9c2d8e	Secrets service: Allow decrypt through gRPC connection (#108365 )	2025-07-29 07:51:37 -05:00
Matheus Macabu	227799a9f8	Secrets: Add missing indices for secure value (list) and data key (list+read) (#108763 )	2025-07-28 14:25:06 +02:00
Dana Axinte	2ea77a7c05	SecretsManager: Add ability to list all encrypted values (#108512 ) * list all encrypted values and count * separate interfaces * add time filter to global queries * fix lint	2025-07-28 10:50:24 +01:00
Dana Axinte	b1b9cc43a8	SecretsManager: Adding ability to disable all DEKs (#108444 ) * Adding dek deactivation and rename list dek * disable data keys from manager * separate interface and don't use in encryption manager	2025-07-25 17:11:17 +01:00
lean.dev	69743ed1a4	SecretsManager: remove unused metric (#108694 )	2025-07-25 14:04:43 +00:00
Matheus Macabu	0e7b041b27	Secrets: Move decrypt types to contracts and export public at root pkg (#108376 ) * Secrets: Move decrypt types to contracts and export public at root pkg * Provisioning: Replace decrypt pkg imports * Merge wire changes	2025-07-23 12:14:28 +02:00
Bruno	12a7e03e2f	Secrets: encryptionStoreImpl produces metrics (#108390 )	2025-07-21 11:00:59 -03:00
Bruno	01692bc876	Secrets: remove unused SecureValueMetadataStorage.ReadForDecrypt method (#108181 ) * Secrets: remove unused SecureValueMetadataStorage.ReadForDecrypt method * remove unused struct: secureValueForDecrypt	2025-07-16 11:52:26 -03:00
Matheus Macabu	2c4bbf8b1d	Secrets: Reduce amount of feature toggle checks to only app entrypoint (#108110 ) * Secrets: Reduce amount of feature toggle checks to only app entrypoint * Wire: Fix merge conflict * Wire: Fix merge conflict	2025-07-16 10:56:59 +02:00
Matheus Macabu	3cda233468	Secrets: Remove temporary allowlist (#108118 )	2025-07-16 09:39:33 +02:00
Bruno	6fa3c196d4	Secrets: add example based testing that tries to decrypt deleted secure value (#108140 )	2025-07-15 15:40:52 -03:00
Matheus Macabu	403d6380fa	Secrets: Remove gating with experimental APIs feature toggle (#108058 )	2025-07-14 17:46:17 +02:00
Bruno	baa89f3eac	Secrets: encryption encryption storage uses versioning (#108036 ) * Secrets: delete unused FakeKeeper * Secrets: encrypted value storage stores versions * add version to span * trigger build * remove ineffectual assignment * lint * drop secret_encrypted_value.uid / add name and version columns	2025-07-14 09:28:07 -03:00
Matheus Macabu	9c1b2fb792	Secrets: Bump API version to v1beta1 (#108026 )	2025-07-11 19:14:05 +02:00
Bruno	9d0a23e1f5	Secrets: add crudl+decrypt state machine test (#107971 ) * Secrets: add state machine test for CRUDL+decrpt operations * make update-workspace * make update-workspace * make enterprise-dev * make update-workspace * fix go.mod * make update-workspace * fix gomod * make update-workspace --------- Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>	2025-07-11 09:40:50 -03:00
Bruno	8283d35e56	Secrets: make operations sync (#107732 ) * Secrets: make operations sync * k8s gen / update query to list secure values to include the version * always store new version of a secret * make update-workspace * go mod tidy * update queries * update queries * improve and use testutils in decrypt_store_test * fix broken test * make update-workspace * ./hack/update-codegen.sh secret * update Test_SecureValueMetadataStorage_CreateAndRead * undo dependency changes * linter: fix remaining errors --------- Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-07-09 10:43:34 -03:00
Dana Axinte	46c38fdbb7	SecretsManager: Introduce worker and secret async service (#107614 ) SecretsManager: Introduce worker and secret aysnc service Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>	2025-07-04 13:13:48 +01:00
Dana Axinte	15e1aa8855	SecretsManager: Introduce decrypt store (#107586 ) Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>	2025-07-04 09:22:10 +01:00
Dana Axinte	a59ec345c2	SecretsManager: Introduce metrics and logs (#107582 ) Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>	2025-07-03 17:32:18 +01:00
Dana Axinte	cfd3b9f582	SecretsManager: outbox use message id (#107472 ) * SecretsManager: outbox use message id Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> * Remove query timestamp * Add missing query --------- Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>	2025-07-03 15:21:47 +01:00
Dana Axinte	4d8678c7f2	SecretsManager: Add base encryption manager (#107562 ) Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-07-03 11:29:14 +01:00
Matheus Macabu	f32d944b23	Secrets: Add initial tracing instrumentation (#107513 )	2025-07-02 14:43:36 +02:00
Dana Axinte	01c844b69f	SecretsManager: Revert adding data key tracer (#107499 ) Remove data key tracer	2025-07-02 09:09:12 +01:00
Dana Axinte	0fccc01ebe	SecretsManager: add data key store (#107396 ) * SecretsManager: Add data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> * SecretsManager: Add wiring of data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> --------- Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-06-30 17:17:07 +01:00
Dana Axinte	dbe815ee68	SecretsManager: keepers with secure values credentials (#106761 ) * SecretsManager: keepers with secure values Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> * Keepers: Refactor extract secure values remove extra helper functions Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> --------- Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-06-16 14:37:36 +01:00
Dana Axinte	6097841e67	SecretsManager: add secure value store (#106708 ) * SecretsManager: add secure value model and sql templates Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> * SecretsManager: secure value rest layer to use store Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> * SecretsManager: temporary add actor prefix to decrypters * Remove list securevalue by namefor now --------- Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>	2025-06-16 10:19:44 +01:00
Dana Axinte	de28231f2f	SecretsManager: Add outbox store (#106613 ) SecretsManager: add outbox store Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-06-12 13:31:48 +01:00
Dana Axinte	c22b4845bb	SecretsManager: Add encrypted value store (#106607 ) * SecretsManager: add encrypted value store Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> * SecretsManager: wiring of encrypted value store --------- Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>	2025-06-12 11:52:01 +01:00
Dana Axinte	5401175562	SecretsManager: Conditionally lock DB before migrations using config setting (#106003 ) Secrets: Conditionally lock DB before migrations using config setting (#105949) Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-05-26 18:28:53 +01:00
Dana Axinte	7f2923d4ed	SecretsManager: Introduce keeper store (#105557 ) * SecretsManager: Introduce secret database wrapper Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> * SecretsManager: Introduce db migrator with keeper table Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> * SecretsManager: Introduce keeper store Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> * new line * without query listByNameSecureValue * remove unused extractSecureValues for now * SecretsManager: Add keeper integration tests Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> --------- Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-05-22 14:26:47 +01:00
Dana Axinte	6e5e133f7d	SecretsManager: Introduce db migrator with keeper table (#105538 ) Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-05-21 15:02:51 +01:00
Dana Axinte	a7922912fe	SecretsManager: Introduce secrets database wrapper (#105472 ) SecretsManager: Introduce secret database wrapper Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-05-20 11:48:47 +01:00
Dana Axinte	8c64078965	SecretsManager: Keeper and secure value contracts, secretkeeper changes (#105379 ) Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>	2025-05-14 15:24:25 +01:00
Matheus Macabu	3aba5cb2b7	SecretsManager: Bootstrap API service (#102444 ) Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com>	2025-03-19 13:41:29 +01:00

49 Commits