Replace x.Dialect().URI().DBType with x.DriverName() for more reliable database driver detection. Add support for 'pgx' and 'sqlite' driver variants alongside existing 'postgres' and 'sqlite3'. Improve logging with driver information and error messages for better migration debugging.
Implements explicit column migration logic to handle schema upgrades that xorm.Sync() doesn't reliably perform. Adds encryption_mode column migration for vault_secret table to support lockbox (E2E) encryption. Includes database-agnostic column existence checks and ALTER TABLE statement generation for PostgreSQL, MySQL, SQLite, and MSSQL.
Adds tracking of master key source (app.ini, env var, file, or Gitea SECRET_KEY fallback) and exposes methods to check if fallback key is in use. This enables better visibility into which key configuration is active and helps identify when the system is using the less secure fallback option.
Add license limit enforcement when creating secrets and tokens. Pass license limits to service layer and return appropriate errors when tier limits are exceeded. Handle limit errors in both API and web routes with proper error messages prompting users to upgrade.
Replace custom chi.Router extraction logic with the new plugins.PluginRouter interface. This simplifies route registration by using the standardized plugin API instead of type assertions and reflection.
Loads the master encryption key during plugin initialization and provides helpful warnings if the key is not configured, guiding users to set MASTER_KEY in app.ini or GITCADDY_VAULT_KEY environment variable.
Adds support for configuring vault master key via [vault] MASTER_KEY in app.ini with highest priority. Also adds IsConfigured() and ConfigurationError() methods to plugin interface for better configuration validation. Priority order is now: app.ini > env var > file > gitea secret key.
- Remove hardcoded PluginVersion constant
- Add Version variable settable via ldflags
- Update routes.go to use Version for UI display
- Version now injected by server build process
When compiled into the server, the router passed is *web.Router not chi.Router.
Added ChiRouterProvider interface to extract the underlying chi router.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Module path is now git.marketally.com/gitcaddy/gitcaddy-vault
to match the actual repository name.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change package from main to vault for import compatibility
- Add init() auto-registration when package is imported
- Remove plugin build jobs from CI (no longer needed)
- Update README for compiled-in architecture
- Add BSL 1.1 license
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Updates all imports and go.mod to use the new /v3 suffixed module path
for proper Go semantic versioning compliance.
Also updates CI workflows to use version tags (v3.x.x) instead of
pseudo-versions now that the server module has the proper /v3 suffix.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Server plugin interface uses `any` for route registration methods.
Cast to chi.Router inside the method implementation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
