/DB

Changelog

What changed in Socigy.OpenSource.DB v0.3.0 — field encryption, rotating DB credentials, batched bulk insert, the HashiCorp Vault package, schema placeholders, and build-time generator diagnostics.

updated 5 Jun 20262 min readv0.3.0View as Markdown
5 June 2026
Socigy.OpenSource.DBv0.3.0stable
Added
  • Field-level encryption. Mark a property [Encrypted] to encrypt it on write and decrypt it on read, stored as bytea. Any common value type plus string/byte[] is supported. A built-in authenticated AesFieldEncryptor (AES-256-CBC + HMAC-SHA256) ships in the package; the encryptor is pluggable via IFieldEncryptor + SocigyFieldEncryption.Configure. Encrypted columns are non-queryable (a clear NotSupportedException is thrown). [Encrypted(AutoDecrypt = false)] defers decryption — exposing a read-only {Field}RawEncrypted and a lazy, caching {Field}Decrypted accessor.
  • Background diagnostics. The Vault encryptor/credentials provider, the connection factory's credential refresh, and SocigyFieldEncryption.Configure emit ILogger messages and OpenTelemetry spans under the Socigy.OpenSource.DB source, so admins can track key loads, credential leases, and renewals.
  • Rotating DB credentials. The generated connection factory can source its connection string from an optional IDbCredentialsProvider (sync cached value + async refresh), enabling externally-managed/rotating credentials.
  • Batched bulk insert. Table.InsertMultipleAsync(rows, conn[, tx]) inserts a whole collection as chunked multi-row INSERT ... VALUES (…),(…) commands (auto-chunked under PostgreSQL's 65,535-parameter limit) instead of a command per row.
  • New optional package Socigy.OpenSource.DB.HashiCorp — HashiCorp Vault implementations: field encryption keyed from Vault (KV-v2) and rotating credentials from Vault's Database secrets engine, each wired with one DI call.
  • Schema placeholders in procedure files. Reference a table or column from a .sql procedure with optional {{Type}} (→ table name) and {{Type.Property}} (→ column name) placeholders; the generator expands them at build time to the real, quoted names, keeping raw SQL in sync with C# renames and [Table]/[Column] overrides. Files that use no placeholder are flagged (SCGDB003) and can opt out per-file with -- @ignore warning.
  • Build-time generator diagnostics. The source generator now validates tables and procedure files and reports issues as SCGDB### diagnostics — unsupported attribute combinations, missing primary keys, malformed or unresolvable procedure headers and placeholders, unused/undeclared parameters, and more. Each is configurable from .editorconfig.
Fixed
  • The OpenTelemetry instrumentation-scope version now reports the package version instead of 1.0.0.0.
  • Migration-version lookup no longer throws (and breaks in the debugger) on first run when the migrations table doesn't exist yet — it probes with to_regclass first.
  • A still-active query/stream when a unit-of-work delegate completes (a forgotten await) now throws a clear, actionable error instead of an opaque "command already in progress".