shankar0123
2026-05-05 18:18:29 +00:00
parent 7c5cc57d75
commit 75097909e9
71 changed files with 95 additions and 771 deletions
@@ -1,5 +1,5 @@
-- Rank 4 of the 2026-05-03 Infisical deep-research deliverable
-- (cowork/infisical-deep-research-results.md Part 5). Adds the
-- (the project's deep-research deliverable, Part 5). Adds the
-- per-policy channel matrix that the multi-channel expiry-alert
-- routing reads from. Two JSONB columns:
--
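Review bot: The replacement parenthetical on the second comment line, "(the project's deep-research deliverable, Part 5)", repeats the "deep-research deliverable" already named on the unchanged line above it, and with the file path gone "Part 5" points at a document that cannot be located from this file. Consider folding it into the first line, e.g. "-- Rank 4 of the 2026-05-03 Infisical deep-research deliverable, Part 5. Adds the", and reflowing the rest of the paragraph.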
@@ -16,7 +16,7 @@
--
-- Both columns use IF NOT EXISTS so the migration is idempotent —
-- safe to re-run on every certctl-server boot per the
-- "Idempotent migrations" architecture decision in CLAUDE.md.
-- the project's "Idempotent migrations" architecture decision.
ALTER TABLE renewal_policies
ADD COLUMN IF NOT EXISTS alert_channels JSONB NOT NULL DEFAULT '{}'::jsonb,
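Review bot: Doubled article in the idempotency comment: the unchanged line ends with "boot per the" and the replacement line starts with "-- the project's", so the sentence now reads "per the the project's "Idempotent migrations" architecture decision". Drop the leading "the" from the replacement line, or end the preceding line at "per".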
+2 -2
@@ -1,6 +1,6 @@
-- 000027_approval_workflow.up.sql
-- Rank 7 of the 2026-05-03 Infisical deep-research deliverable
-- (cowork/infisical-deep-research-results.md Part 5). Two-person
-- (the project's deep-research deliverable, Part 5). Two-person
-- integrity / four-eyes principle for compliance-tier certificate
-- issuance. CertificateProfile.RequiresApproval gates the renewal-
-- loop entry; issuance_approval_requests captures the per-job
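Review bot: "Rank 7" and "Part 5" in the first two comment lines under the filename are positions in a document this header no longer gives a path for, so a reader of the migration has nothing to follow up. Either keep a reference that can be located (a document path in the repository or an issue link) or cut the numbering and let the two-person integrity rationale that follows stand on its own.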
@@ -8,7 +8,7 @@
--
-- All operations use IF NOT EXISTS / IF EXISTS so the migration is
-- idempotent — safe to re-run on every certctl-server boot per the
-- "Idempotent migrations" architecture decision in CLAUDE.md.
-- the project's "Idempotent migrations" architecture decision.
--
-- Existing scaffolding REUSED (not redefined here):
-- - JobStatusAwaitingApproval enum value (internal/domain/job.go).
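Review bot: The replacement line "-- the project's "Idempotent migrations" architecture decision." follows an unchanged line ending in "per the", which leaves "per the the project's" in the comment. Suggest "-- project's "Idempotent migrations" architecture decision." for the replacement line so the sentence joins cleanly.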
@@ -7,7 +7,7 @@
--
-- All operations use IF NOT EXISTS / IF EXISTS so the migration is
-- idempotent — safe to re-run on every certctl-server boot per the
-- "Idempotent migrations" architecture decision in CLAUDE.md.
-- the project's "Idempotent migrations" architecture decision.
--
-- Defense in depth: NEVER persist CA private key bytes. The
-- key_driver_id column is a reference (filesystem path / KMS key ID
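Review bot: Joined with the unchanged line above it, the rewritten reference reads "per the the project's "Idempotent migrations" architecture decision"; remove one "the". The comment also no longer says where that decision is recorded, so naming its location would help anyone auditing this header alongside the "NEVER persist CA private key bytes" note.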