coder
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 4 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 9 additions & 0 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎coderd/database/dbmetrics/querymetrics.go
Lines changed: 7 additions & 0 deletions b/‎coderd/database/dbmetrics/querymetrics.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/database/dump.sql
Lines changed: 22 additions & 0 deletions b/‎coderd/database/dump.sql
Lines changed: 22 additions & 0 deletions
diff --git a/‎coderd/database/foreign_key_constraint.go
Lines changed: 2 additions & 0 deletions b/‎coderd/database/foreign_key_constraint.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/migrations/000349_add_user_secrets.down.sql
Lines changed: 1 addition & 0 deletions b/‎coderd/database/migrations/000349_add_user_secrets.down.sql
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/migrations/000349_add_user_secrets.up.sql
Lines changed: 21 additions & 0 deletions b/‎coderd/database/migrations/000349_add_user_secrets.up.sql
Lines changed: 21 additions & 0 deletions
diff --git a/‎coderd/database/models.go
Lines changed: 11 additions & 0 deletions b/‎coderd/database/models.go
Lines changed: 11 additions & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 8 additions & 0 deletions b/‎coderd/database/querier.go
Lines changed: 8 additions & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 59 additions & 0 deletions b/‎coderd/database/queries.sql.go
Lines changed: 59 additions & 0 deletions
@@ -3871,6 +3871,10 @@ func (q *querier) InsertUserLink(ctx context.Context, arg database.InsertUserLin
 	return q.db.InsertUserLink(ctx, arg)
 }
 
+func (q *querier) InsertUserSecret(ctx context.Context, arg database.InsertUserSecretParams) (database.UserSecret, error) {
+	panic("not implemented")
+}
+
 func (q *querier) InsertVolumeResourceMonitor(ctx context.Context, arg database.InsertVolumeResourceMonitorParams) (database.WorkspaceAgentVolumeResourceMonitor, error) {
 	if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceWorkspaceAgentResourceMonitor); err != nil {
 		return database.WorkspaceAgentVolumeResourceMonitor{}, err
 
@@ -9710,6 +9710,15 @@ func (q *FakeQuerier) InsertUserLink(_ context.Context, args database.InsertUser
 	return link, nil
 }
 
+func (q *FakeQuerier) InsertUserSecret(ctx context.Context, arg database.InsertUserSecretParams) (database.UserSecret, error) {
+	err := validateDatabaseType(arg)
+	if err != nil {
+		return database.UserSecret{}, err
+	}
+
+	panic("not implemented")
+}
+
 func (q *FakeQuerier) InsertVolumeResourceMonitor(_ context.Context, arg database.InsertVolumeResourceMonitorParams) (database.WorkspaceAgentVolumeResourceMonitor, error) {
 	err := validateDatabaseType(arg)
 	if err != nil {
 
@@ -0,0 +1 @@
+DROP TABLE user_secrets;
@@ -0,0 +1,21 @@
+-- Stores encrypted user secrets (global, available across all organizations)
+CREATE TABLE user_secrets (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    name TEXT NOT NULL,
+    description TEXT,
+
+    -- The encrypted secret value (base64-encoded encrypted data)
+    value TEXT NOT NULL,
+
+    -- The ID of the key used to encrypt the secret value.
+    -- If this is NULL, the secret value is not encrypted.
+    value_key_id TEXT REFERENCES dbcrypt_keys(active_key_digest),
+
+    -- Timestamps
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP NOT NULL,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP NOT NULL
+);
+
+-- Unique constraint: user can't have duplicate secret names
+CREATE UNIQUE INDEX user_secrets_user_name_idx ON user_secrets(user_id, name);