- Notifications
You must be signed in to change notification settings - Fork1.1k
feat(coderd/database/dbpurge): make API keys retention configurable#21037
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Open
mafredri wants to merge18 commits intomafredri/feat-coderd-db-retention-policy-3Choose a base branch
base:mafredri/feat-coderd-db-retention-policy-3
Could not load branches
Branch not found:{{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline, and old review comments may become outdated.
Open
feat(coderd/database/dbpurge): make API keys retention configurable#21037
mafredri wants to merge18 commits intomafredri/feat-coderd-db-retention-policy-3frommafredri/feat-coderd-db-retention-policy-4
+990 −43
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
008a48a to03f5ec5Compare07ae594 to9ca58c3CompareAdd `RetentionConfig` with server flags for configuring data retention:- `--global-retention`: default policy for all retention settings- `--audit-logs-retention`: retention for audit log entries- `--connection-logs-retention`: retention for connection logs- `--api-keys-retention`: retention for expired API keys (default 7d)Updates#20743
Remove the global retention fallback in favor of explicit per-topicretention settings. This makes the retention behavior clearer andeasier for operators to reason about.Each retention setting now:- Enables retention when set to a non-zero duration- Disables retention (keep indefinitely) when set to 0
Connection logs retention is now explicit - it's enabled when--connection-logs-retention is set to a non-zero duration, anddisabled when set to 0. No fallback to global retention.
9ca58c3 toa21395aCompare03f5ec5 to46f07e1Comparedannykopping approved these changesDec 2, 2025
Use :execrows instead of :one to simplify the query by removing theextra CTE wrapper. This lets PostgreSQL return the row count directlyvia RowsAffected() instead of requiring an explicit COUNT(*) scan.
a21395a to82f1c2bCompare46f07e1 to27c90ddCompareEmyrk approved these changesDec 2, 2025
| user_id= $1; | ||
| -- name: DeleteExpiredAPIKeys :one | ||
| -- name: DeleteExpiredAPIKeys :execrows |
Member
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
woah TIL!
Member
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
@dannykopping have you seen this annotation?
Contributor
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I haven't! Those crows should watch out... 🐦⬛
MemberAuthor
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
crows.exe is beakoning.
Increase from 1000 to 10000 to improve deletion throughput for largedeployments. At 10 minute intervals, this allows purging up to 1.44Mrecords per day.
Add configurable retention policy for audit logs. The DeleteOldAuditLogsquery excludes deprecated connection events (connect, disconnect, open,close) which are handled separately by DeleteOldAuditLogConnectionEvents.Falls back to global retention if audit logs retention is unset.Disabled (0) by default.Depends on#21021Updates#20743
Audit logs retention is now explicit - it's enabled when--audit-logs-retention is set to a non-zero duration, anddisabled when set to 0. No fallback to global retention.
Use :execrows instead of :one to simplify the query by removing theextra CTE wrapper. This lets PostgreSQL return the row count directlyvia RowsAffected() instead of requiring an explicit COUNT(*) scan.
API keys retention is now explicit - it's enabled when--api-keys-retention is set to a non-zero duration (default 7d),and disabled when set to 0. No fallback to global retention.
Use :execrows instead of :one to simplify the query by removing theextra CTE wrapper. This lets PostgreSQL return the row count directlyvia RowsAffected() instead of requiring an explicit COUNT(*) scan.
82f1c2b to2ce8f62Compare27c90dd to1bed429Compare8cb020d to2a45adbCompareSign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
Replace hardcoded 7-day retention for expired API keys with configurable
retention from deployment settings. Skips deletion entirely when effective retention is 0.
Depends on#21021
Updates#20743
PR Stack
workspace_agent_logs