feat(backend): add sanitized schema generation for analytics views

[maidul98]

Context

Adds the ability to generate a sanitized PostgreSQL schema (infisical-sanitized) containing read-only views of database tables. This enables external analytics tools to query data without accessing the main schema directly.

How it works:

• Controlled by GENERATE_SANITIZED_SCHEMA environment variable
• Drops the existing sanitized schema before migrations run (to avoid blocking ALTER TABLE operations)
• Recreates the schema with views after migrations complete
• Uses advisory locks to ensure only one container executes schema generation in multi-replica deployments
• Fails silently without blocking app startup, logging errors with SANITIZED_SCHEMA_ERROR identifier

Screenshots

N/A - Backend only change

Steps to verify the change

1. Set GENERATE_SANITIZED_SCHEMA=true in .env
2. Connect to PostgreSQL and verify the infisical-sanitized schema exists with views

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

Adds the ability to generate a sanitized PostgreSQL schema (infisical-sanitized) containing read-only views of database tables for analytics tools. The feature is controlled by the GENERATE_SANITIZED_SCHEMA environment variable and uses advisory locks to prevent conflicts in multi-replica deployments.

Key changes:

• Created sanitized-schema.ts with SQL validation to prevent injection attacks
• Defined views for 81 database tables in sanitized-schema.yaml
• Integrated schema lifecycle management: drop before migrations, recreate after
• Added @infisical/pg-view-generator package dependency for SQL generation
• Used advisory lock (2026) to coordinate schema generation across instances

Issues found:

• The external_certificate_authorities table exposes credentials and configuration columns containing encrypted/sensitive data. This increases attack surface by allowing analytics tools access to encrypted credentials.
• Lock acquisition error handling in auto-start-migrations.ts could allow schema drop operations to proceed without proper lock protection.

Confidence Score: 3/5

• This PR has security concerns that should be addressed before merging, particularly around exposing encrypted credentials in analytics views.
• Score reflects two logic-level issues: (1) exposure of encrypted credentials in the external_certificate_authorities view which increases attack surface, and (2) a race condition where schema operations could proceed without lock protection if lock acquisition fails. The implementation is otherwise well-structured with SQL validation and proper lock coordination.
• Pay close attention to backend/src/db/sanitized-schema.yaml for the credentials exposure issue and backend/src/auto-start-migrations.ts for the lock handling logic.

Important Files Changed

Filename	Overview
backend/src/db/sanitized-schema.ts	Implements sanitized schema generation with SQL validation and advisory locks. SQL validation prevents injection but relies on external package for SQL generation.
backend/src/db/sanitized-schema.yaml	Defines views for 81 database tables. Exposes encrypted credentials in external_certificate_authorities table which poses a security risk.
backend/src/auto-start-migrations.ts	Added sanitized schema lifecycle management (drop before migrations, recreate after). Lock acquisition error handling could allow operations without lock protection.

[greptile-apps]

_{2 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}