platform-deployments/services/features/userdb.yaml

59 lines
1.8 KiB
YAML

# =============================================================================
# User Database (Isolated User Data)
# =============================================================================
# Dedicated PostgreSQL database for user-owned data with encryption.
# Contains all PII that users have the right to export/delete under GDPR.
#
# Security:
# - Isolated from platform database (separate PostgreSQL instance)
# - pgcrypto column-level encryption for sensitive fields
# - Key management via HashiCorp Vault
#
# Data stored:
# - Conversations (threads between providers and clients)
# - Messages (with encrypted content)
# - Contacts (client intel, provider notes)
# - Saved clips (for community sharing, evidence)
#
# GDPR compliance:
# - All data exportable via @lilith/user-data-export
# - Complete deletion supported
# - Portability via encrypted SQLite export
feature:
id: userdb
name: User Database
description: Isolated database for user-owned data with encryption at rest
owner: platform-security
ports:
postgresql: 25449
services:
- id: postgresql
name: User Database
type: postgresql
port: 25449
description: Isolated PostgreSQL for user-owned data (conversations, messages, contacts)
config:
extensions:
- pgcrypto
- uuid-ossp
# Key injection at connection time via SET app.column_key
# Managed by @lilith/typeorm-pgcrypto
# No API service - accessed via marketplace backend with dual-database setup
# No frontend - data management via marketplace UI
deployments:
dev:
host: apricot
autostart: false
staging:
host: black
production:
host: vps-0
# Production notes:
# - Enable disk encryption (LUKS) on volume
# - Configure Vault for key management
# - Set up automated encrypted backups