Jason Woltje
46d0a06ef5
feat(#356): Build credential CRUD API endpoints
Implement comprehensive CRUD API for managing user credentials with encryption,
RLS, and audit logging following TDD methodology.
Features:
- POST /api/credentials - Create encrypted credential
- GET /api/credentials - List credentials (masked values only)
- GET /api/credentials/:id - Get single credential (masked)
- GET /api/credentials/:id/value - Decrypt plaintext (rate limited 10/min)
- PATCH /api/credentials/:id - Update metadata
- POST /api/credentials/:id/rotate - Rotate credential value
- DELETE /api/credentials/:id - Soft delete
Security:
- All values encrypted via VaultService (TransitKey.CREDENTIALS)
- List/Get endpoints NEVER return plaintext (only maskedValue)
- getValue endpoint rate limited to 10 requests/minute per user
- All operations audit-logged with CREDENTIAL_* ActivityAction
- RLS enforces per-user isolation via getRlsClient() pattern
- Input validation via class-validator DTOs
Testing:
- 26/26 unit tests passing
- 95.71% code coverage (exceeds 85% requirement)
- Service: 95.16%
- Controller: 100%
- TypeScript checks pass
Files created:
- apps/api/src/credentials/credentials.service.ts
- apps/api/src/credentials/credentials.service.spec.ts
- apps/api/src/credentials/credentials.controller.ts
- apps/api/src/credentials/credentials.controller.spec.ts
- apps/api/src/credentials/credentials.module.ts
- apps/api/src/credentials/dto/*.dto.ts (5 DTOs)
Files modified:
- apps/api/src/app.module.ts - imported CredentialsModule
Note: Admin credentials endpoints deferred to future issue. Current
implementation covers all user credential endpoints.
Refs #346
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 16:50:02 -06:00
..
2026-02-07 16:50:02 -06:00
2026-02-05 18:36:16 -06:00
2026-02-07 11:27:35 -06:00
2026-02-06 20:33:52 -06:00