UpdateEncryptedAIProviderKey re-encrypts the api_key column of a key row, so that dbcrypt key rotation can move every FK reference to a new key digest before old keys are revoked.
(ctx context.Context, params database.UpdateEncryptedAIProviderKeyParams)
| 573 | // key row, so that dbcrypt key rotation can move every FK reference |
| 574 | // to a new key digest before old keys are revoked. |
| 575 | func (db *dbCrypt) UpdateEncryptedAIProviderKey(ctx context.Context, params database.UpdateEncryptedAIProviderKeyParams) (database.AIProviderKey, error) { |
| 576 | if strings.TrimSpace(params.APIKey) == "" { |
| 577 | params.ApiKeyKeyID = sql.NullString{} |
| 578 | } else if err := db.encryptField(¶ms.APIKey, ¶ms.ApiKeyKeyID); err != nil { |
| 579 | return database.AIProviderKey{}, err |
| 580 | } |
| 581 | |
| 582 | key, err := db.Store.UpdateEncryptedAIProviderKey(ctx, params) |
| 583 | if err != nil { |
| 584 | return database.AIProviderKey{}, err |
| 585 | } |
| 586 | if err := db.decryptAIProviderKey(&key); err != nil { |
| 587 | return database.AIProviderKey{}, err |
| 588 | } |
| 589 | return key, nil |
| 590 | } |
| 591 | |
| 592 | func (db *dbCrypt) decryptUserAIProviderKey(key *database.UserAiProviderKey) error { |
| 593 | return db.decryptField(&key.APIKey, key.ApiKeyKeyID) |
nothing calls this directly
no test coverage detected