You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As an administrator of ZITADEL I want to mirror my data to an already existing database, this includes already generated encryption keys, so that I can mirror the data to an already existing database.
The Idea is that you can share an instance with other persons without sharing your secrets.
Open questions
How to decrypt and encrypt the event payload during mirror?
The content you are editing has changed. Please copy your edits and refresh the page.
# Which Problems Are Solved
Adds the possibility to mirror an existing database to a new one.
For that a new command was added `zitadel mirror`. Including it's
subcommands for a more fine grained mirror of the data.
Sub commands:
* `zitadel mirror eventstore`: copies only events and their unique
constraints
* `zitadel mirror system`: mirrors the data of the `system`-schema
* `zitadel mirror projections`: runs all projections
* `zitadel mirror auth`: copies auth requests
* `zitadel mirror verify`: counts the amount of rows in the source and
destination database and prints the diff.
The command requires one of the following flags:
* `--system`: copies all instances of the system
* `--instance <instance-id>`, `--instance <comma separated list of
instance ids>`: copies only the defined instances
The command is save to execute multiple times by adding the
`--replace`-flag. This replaces currently existing data except of the
`events`-table
# Additional Changes
A `--for-mirror`-flag was added to `zitadel setup` to prepare the new
database. The flag skips the creation of the first instances and initial
run of projections.
It is now possible to skip the creation of the first instance during
setup by setting `FirstInstance.Skip` to true in the steps
configuration.
# Additional info
It is currently not possible to merge multiple databases. See
#7964 for more details.
It is currently not possible to use files. See
#7966 for more information.
closes#7586closes#7486
### Definition of Ready
- [x] I am happy with the code
- [x] Short description of the feature/issue is added in the pr
description
- [x] PR is linked to the corresponding user story
- [x] Acceptance criteria are met
- [x] All open todos and follow ups are defined in a new ticket and
justified
- [x] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [x] No debug or dead code
- [x] My code has no repetitions
- [x] Critical parts are tested automatically
- [ ] Where possible E2E tests are implemented
- [x] Documentation/examples are up-to-date
- [x] All non-functional requirements are met
- [x] Functionality of the acceptance criteria is checked manually on
the dev system.
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
As an administrator of ZITADEL I want to mirror my data to an already existing database, this includes already generated encryption keys, so that I can mirror the data to an already existing database.
The Idea is that you can share an instance with other persons without sharing your secrets.
Open questions
Acceptance criteria
Additional info
The following events include encrypted data in the payload:
idpintent.saml.succeeded: {assertion}
idpintent.succeeded: idp{idpAccessToken}
instance.idp.oauth.added: {clientSecret}
instance.idp.oidc.added: {clientSecret}
instance.idp.oidc.migrated.azure: {client_secret}
instance.idp.oidc.migrated.google: {clientSecret}
instance.idp.azure.added: {client_secret}
instance.idp.github.added: {clientSecret}
instance.idp.github_enterprise.added: {clientSecret}
instance.idp.gitlab.added: {client_secret}
instance.idp.gitlab_self_hosted.added: {client_secret}
instance.idp.google.added: {clientSecret}
instance.idp.ldap.v2.added: {bindPassword}
instance.idp.apple.added: {privateKey}
instance.idp.saml.added: {key} //TODO: do we need to decrypt the key?
iam.idp.oidc.config.added: {clientSecret}
org.idp.oauth.added: {clientSecret}
org.idp.oidc.added: {clientSecret}
org.idp.oidc.migrated.azure: {client_secret}
org.idp.oidc.migrated.google: {clientSecret}
org.idp.azure.added: {client_secret}
org.idp.github.added: {clientSecret}
org.idp.github_enterprise.added: {clientSecret}
org.idp.gitlab.added: {client_secret}
org.idp.gitlab_self_hosted.added: {client_secret}
org.idp.google.added: {clientSecret}
org.idp.ldap.v2.added: {bindPassword}
org.idp.apple.added: {privateKey}
org.idp.saml.added: {key} //TODO: do we need to decrypt the key?
instance.sms.configtwilio.added: {token}
instance.sms.configtwilio.token.changed: {token}
instance.smtp.config.password.changed: {password}
instance.smtp.config.added: {password}
user.human.mfa.otp.added: {otpSecret}
key_pair.added: {publicKey}
key_pair.certificate.added: {certificate}
The text was updated successfully, but these errors were encountered: