Diffstat (limited to '')
-rw-r--r--crates/secd/store/pg/migrations/20221222002434_bootstrap.sql28
1 files changed, 26 insertions, 2 deletions
diff --git a/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql b/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
index 2b89957..0cf3fa0 100644
--- a/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
+++ b/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
@@ -19,7 +19,7 @@ create table if not exists secd.realm_data (
create table if not exists secd.identity (
identity_id bigserial primary key
, identity_public_id uuid not null
- , data jsonb -- some things are dervied, others are not
+ , data text -- we do not prescribe JSON or any other serialization format.
, created_at timestamptz not null
, updated_at timestamptz not null
, deleted_at timestamptz
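Review bot: Switching `data` from `jsonb` to `text` by editing the existing bootstrap migration only reaches databases created from scratch, because `create table if not exists secd.identity` does nothing where the table already exists. The same applies to the `partial_key` addition and the `version` removal in the credential hunk. If any environment has already run this file, a follow-up migration is needed, e.g. `alter table secd.identity alter column data type text;`, and a migration runner that checksums applied files may refuse the edited one. With `text` the database no longer rejects malformed payloads, so the comment could say that readers must validate `data` on deserialization. The `secd.identity` definition continues past the end of this hunk.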
@@ -30,14 +30,18 @@ create table if not exists secd.credential (
credential_id bigserial primary key
, credential_public_id uuid not null
, identity_id bigint not null references secd.identity(identity_id)
+ , partial_key text
, type text not null-- e.g. password, oidc, totop, lookup_secret, webauthn, ...
, data jsonb not null
- , version integer not null
, created_at timestamptz not null
, revoked_at timestamptz
, deleted_at timestamptz
);
+create unique index if not exists credential_passphrase_type_key_ix
+on secd.credential (partial_key)
+where type = 'Passphrase';
+
create table if not exists secd.address (
address_id bigserial primary key
, address_public_id uuid not null
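Review bot: The unique index `credential_passphrase_type_key_ix` does not constrain rows whose `partial_key` is null, because the new column is nullable and PostgreSQL treats nulls as distinct in a unique index, so several `Passphrase` credentials without a key can coexist. If every passphrase credential is meant to carry a key, add a table constraint such as `check (type <> 'Passphrase' or partial_key is not null)`. The predicate also matches the exact string `'Passphrase'`, while the comment on `type` lists lowercase `password`; if the application stores any other spelling the index enforces nothing, so the comment should name the values actually written. The hunk ends inside the `secd.address` definition.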
@@ -83,3 +87,23 @@ create table if not exists secd.message (
, created_at timestamptz not null
, sent_at timestamptz
);
+
+create table if not exists secd.namespace_config (
+ namespace text not null
+ , serialized_config text not null
+ , created_at xid8 not null
+ , deleted_at xid8
+ -- TODO: indexes and stuff
+);
+
+create table if not exists secd.relation_tuple (
+ namespace text not null
+ , object_id text not null
+ , relation text not null
+ , userset_namespace text not null
+ , userset_object_id text not null
+ , userset_relation text not null
+ , created_at xid8 not null
+ , deleted_at xid8 not null
+ -- TODO: indexes and stuff
+);
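Review bot: `secd.relation_tuple` declares `deleted_at xid8 not null` while `secd.namespace_config` leaves `deleted_at` nullable, so a live tuple has no representation unless a sentinel value is used; if null is meant to mean "not deleted", the line should read `, deleted_at xid8`. Neither table has a primary key or unique constraint, so the same tuple can be inserted more than once, and if these tuples back authorization checks, removing one row could leave a duplicate grant in place. A unique index over the six tuple columns (partial on `deleted_at is null` if soft deletes stay) would replace the `-- TODO: indexes and stuff` placeholder with an enforced invariant. `xid8` requires PostgreSQL 13 or later, and a short comment that `created_at`/`deleted_at` hold transaction ids rather than timestamps would prevent misreading.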