Updating the name of an encrypted column does not update the corresponding column in the decrypted view

supabase / vault

Extension for storing encrypted secrets in the Vault

Apache License 2.0

163 stars 9 forks source link

Updating the name of an encrypted column does not update the corresponding column in the decrypted view #14

Open joshenlim opened 1 year ago

joshenlim commented 1 year ago

if i have an encrypted column named address, and i rename the column to address_new, the decrypted view's address and decrypted_address do not get updated

i also can’t delete the address_new column, as it throws the following error: Failed to delete address_new: property cascade should not exist

michelp commented 1 year ago

This one is tricky because having the event fire for all ALTER TABLE statements might be overly aggressive, and we're not sure what other event triggers may be firing on the same event. I think we should wait and see what comes out of the work on adding support for JSON representation of the parsed SQL in a ddl_command_start trigger, that way we can fire the trigger, look at the parsed tree, and verify that we're only firing on tables that actually contain encrypted columns.