Migrate credentials to Azure Key Vault (#3681)

2025-10-10 10:10:18 -06:00
parent c3ce5b1952
commit 32e6aed8ce
12 changed files with 438 additions and 52 deletions
--- a/skyvern/forge/sdk/db/client.py
+++ b/skyvern/forge/sdk/db/client.py
@@ -77,7 +77,7 @@ from skyvern.forge.sdk.encrypt.base import EncryptMethod
 from skyvern.forge.sdk.log_artifacts import save_workflow_run_logs
 from skyvern.forge.sdk.models import Step, StepStatus
 from skyvern.forge.sdk.schemas.ai_suggestions import AISuggestion
-from skyvern.forge.sdk.schemas.credentials import Credential, CredentialType
+from skyvern.forge.sdk.schemas.credentials import Credential, CredentialType, CredentialVaultType
 from skyvern.forge.sdk.schemas.debug_sessions import BlockRun, DebugSession
 from skyvern.forge.sdk.schemas.organization_bitwarden_collections import OrganizationBitwardenCollection
 from skyvern.forge.sdk.schemas.organizations import (
@@ -3628,19 +3628,27 @@ class AgentDB:

    async def create_credential(
        self,
-        name: str,
-        credential_type: CredentialType,
        organization_id: str,
+        name: str,
+        vault_type: CredentialVaultType,
        item_id: str,
-        totp_type: str = "none",
+        credential_type: CredentialType,
+        username: str | None,
+        totp_type: str,
+        card_last4: str | None,
+        card_brand: str | None,
    ) -> Credential:
        async with self.Session() as session:
            credential = CredentialModel(
                organization_id=organization_id,
                name=name,
-                credential_type=credential_type,
+                vault_type=vault_type,
                item_id=item_id,
+                credential_type=credential_type,
+                username=username,
                totp_type=totp_type,
+                card_last4=card_last4,
+                card_brand=card_brand,
            )
            session.add(credential)
            await session.commit()
@@ -3733,7 +3741,9 @@ class AgentDB:
        async with self.Session() as session:
            organization_bitwarden_collection = (
                await session.scalars(
-                    select(OrganizationBitwardenCollectionModel).filter_by(organization_id=organization_id)
+                    select(OrganizationBitwardenCollectionModel)
+                    .filter_by(organization_id=organization_id)
+                    .filter_by(deleted_at=None)
                )
            ).first()
            if organization_bitwarden_collection:
--- a/skyvern/forge/sdk/db/models.py
+++ b/skyvern/forge/sdk/db/models.py
@@ -807,6 +807,7 @@ class OrganizationBitwardenCollectionModel(Base):

    created_at = Column(DateTime, default=datetime.datetime.utcnow, nullable=False)
    modified_at = Column(DateTime, default=datetime.datetime.utcnow, onupdate=datetime.datetime.utcnow, nullable=False)
+    deleted_at = Column(DateTime, nullable=True)


 class CredentialModel(Base):
@@ -814,11 +815,16 @@ class CredentialModel(Base):

    credential_id = Column(String, primary_key=True, default=generate_credential_id)
    organization_id = Column(String, nullable=False)
+    vault_type = Column(String, nullable=True)
    item_id = Column(String, nullable=True)

    name = Column(String, nullable=False)
    credential_type = Column(String, nullable=False)
+    username = Column(String, nullable=True)
    totp_type = Column(String, nullable=False, default="none")
+    totp_identifier = Column(String, nullable=True, default=None)
+    card_last4 = Column(String, nullable=True)
+    card_brand = Column(String, nullable=True)

    created_at = Column(DateTime, default=datetime.datetime.utcnow, nullable=False)
    modified_at = Column(DateTime, default=datetime.datetime.utcnow, onupdate=datetime.datetime.utcnow, nullable=False)