59 lines
1.8 KiB
YAML
59 lines
1.8 KiB
YAML
# =============================================================================
|
|
# User Database (Isolated User Data)
|
|
# =============================================================================
|
|
# Dedicated PostgreSQL database for user-owned data with encryption.
|
|
# Contains all PII that users have the right to export/delete under GDPR.
|
|
#
|
|
# Security:
|
|
# - Isolated from platform database (separate PostgreSQL instance)
|
|
# - pgcrypto column-level encryption for sensitive fields
|
|
# - Key management via HashiCorp Vault
|
|
#
|
|
# Data stored:
|
|
# - Conversations (threads between providers and clients)
|
|
# - Messages (with encrypted content)
|
|
# - Contacts (client intel, provider notes)
|
|
# - Saved clips (for community sharing, evidence)
|
|
#
|
|
# GDPR compliance:
|
|
# - All data exportable via @lilith/user-data-export
|
|
# - Complete deletion supported
|
|
# - Portability via encrypted SQLite export
|
|
|
|
feature:
|
|
id: userdb
|
|
name: User Database
|
|
description: Isolated database for user-owned data with encryption at rest
|
|
owner: platform-security
|
|
|
|
ports:
|
|
postgresql: 25449
|
|
|
|
services:
|
|
- id: postgresql
|
|
name: User Database
|
|
type: postgresql
|
|
port: 25449
|
|
description: Isolated PostgreSQL for user-owned data (conversations, messages, contacts)
|
|
config:
|
|
extensions:
|
|
- pgcrypto
|
|
- uuid-ossp
|
|
# Key injection at connection time via SET app.column_key
|
|
# Managed by @lilith/typeorm-pgcrypto
|
|
|
|
# No API service - accessed via marketplace backend with dual-database setup
|
|
# No frontend - data management via marketplace UI
|
|
|
|
deployments:
|
|
dev:
|
|
host: apricot
|
|
autostart: false
|
|
staging:
|
|
host: black
|
|
production:
|
|
host: vps-0
|
|
# Production notes:
|
|
# - Enable disk encryption (LUKS) on volume
|
|
# - Configure Vault for key management
|
|
# - Set up automated encrypted backups
|