secret storage

[fiftin]

• feat(storage): add storage table
• feat(db): add secret storage
• feat(stoarge): add service
• feat(keys): add storage model
• feat(keys): model fields
• feat(keys): add storages page
• feat(keys): add secret storages controller
• refactor: use services for access key descryption
• feat(keys): add vault support
• feat(keys): add endpoints
• fix(keys): fill installer interface
• fix: null pointers of services
• fix(api): incorrect usage middleware
• fix(secrets): fix sql query
• feat(secrets): manipulation of storage

[Copilot]

Pull Request Overview

This PR introduces end-to-end support for storing secrets in external storage (e.g., Vault) including UI pages, API endpoints, services, task/runtime integration, and database schema updates.

• Frontend: Adds a new SecretStorages.vue page, integrates secret storage selection into key forms, updates routing and icons.
• Backend: Implements SecretStorageService, integrates AccessKeyEncryptionService and AccessKeyInstallationService, refactors task & schedule pools to inject an AccessKeyInstaller.
• Database: Adds a project__secret_storage table via migrations and extends the Store interface and SQL/Bolt adapters accordingly.

Reviewed Changes

Copilot reviewed 72 out of 73 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
web/src/views/project/SecretStorages.vue	New UI for listing/managing secret storages
web/src/components/InventoryForm.vue	Leftover merge conflict markers in inventory form
services/schedules/SchedulePool.go	Missing import for db_lib, injection of AccessKeyInstaller
services/server_services/secret_storage_svc.go	SecretStorageService doesn’t delete an access key on token removal
services/tasks/TaskRunner_test.go	Commented-out assertions reduce test coverage for inventory

Comments suppressed due to low confidence (3)

web/src/components/InventoryForm.vue:10

• Leftover merge conflict markers remain in this file; please remove <<<<<<< HEAD/=======/>>>>>>> and reconcile changes.

            list-item-two-line,

services/tasks/TaskRunner_test.go:391

• Commented-out assertions remove coverage for inventory population logic. Reinstate or update these tests to ensure inventory IDs are correctly populated.

		t.Fatal(err)

services/schedules/SchedulePool.go:22

• The code references db_lib.AccessKeyInstaller but db_lib is not imported; add import "github.com/semaphoreui/semaphore/db_lib".

	keyInstaller      db_lib.AccessKeyInstaller

[Copilot]

The translation key 'nnew' looks like a typo and should probably be 'new' to match other labels.

Suggested change

	:title="`${itemId === 'new' ? $t('nnew') : $t('edit')} Hashicorp Vault Storage`"
	:title="`${itemId === 'new' ? $t('new') : $t('edit')} Hashicorp Vault Storage`"

[Copilot]

When storage.VaultToken is cleared (empty), the existing vault access key is not deleted. Consider calling accessKeyService.DeleteAccessKey for vault.ID to keep storage tokens in sync.

Suggested change

	// Do nothing if the vault token is empty,
	// as it means the user haven't set a new token.
	//err = s.keyRepo.DeleteAccessKey(storage.ProjectID, vault.ID)
	// Delete the access key if the vault token is empty,
	// to ensure storage tokens and access keys remain in sync.
	err = s.accessKeyService.DeleteAccessKey(vault.ID)
	if err != nil {
	return
	}