Move account private key to dedicated table

app/models/account.rb

@@ -501,6 +501,19 @@ class Account < ApplicationRecord
     save!
   end
 
+  def private_key
+    if account_secret
+      account_secret.private_key
+    else
+      super
+    end
+  end
+
+  def private_key=(value)
+    self.account_secret ||= AccountSecret.new
+    account_secret.private_key = value
+  end
+
   private
 
   def prepare_contents

app/models/account_secret.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+# == Schema Information
+#
+# Table name: account_secrets
+#
+#  id          :bigint(8)        not null, primary key
+#  private_key :text
+#  account_id  :bigint(8)        not null
+#  created_at  :datetime         not null
+#  updated_at  :datetime         not null
+#
+class AccountSecret < ApplicationRecord
+  belongs_to :account
+
+  encrypts :private_key
+end

app/models/concerns/account/associations.rb

@@ -77,5 +77,8 @@ module Account::Associations
 
     # Imports
     has_many :bulk_imports, inverse_of: :account, dependent: :delete_all
+
+    # Secrets
+    has_one :account_secret, inverse_of: :account, dependent: :destroy, autosave: true
   end
 end

db/migrate/20240726143215_create_account_secrets.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class CreateAccountSecrets < ActiveRecord::Migration[7.1]
+  def change
+    create_table :account_secrets do |t|
+      t.text :private_key
+      t.references :account, null: false, foreign_key: true
+
+      t.timestamps
+    end
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.1].define(version: 2024_07_24_181224) do
+ActiveRecord::Schema[7.1].define(version: 2024_07_26_143215) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
@@ -103,6 +103,14 @@ ActiveRecord::Schema[7.1].define(version: 2024_07_24_181224) do
     t.index ["relationship_severance_event_id"], name: "idx_on_relationship_severance_event_id_403f53e707"
   end
 
+  create_table "account_secrets", force: :cascade do |t|
+    t.text "private_key"
+    t.bigint "account_id", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["account_id"], name: "index_account_secrets_on_account_id"
+  end
+
   create_table "account_stats", force: :cascade do |t|
     t.bigint "account_id", null: false
     t.bigint "statuses_count", default: 0, null: false
@@ -1274,6 +1282,7 @@ ActiveRecord::Schema[7.1].define(version: 2024_07_24_181224) do
   add_foreign_key "account_pins", "accounts", on_delete: :cascade
   add_foreign_key "account_relationship_severance_events", "accounts", on_delete: :cascade
   add_foreign_key "account_relationship_severance_events", "relationship_severance_events", on_delete: :cascade
+  add_foreign_key "account_secrets", "accounts"
   add_foreign_key "account_stats", "accounts", on_delete: :cascade
   add_foreign_key "account_statuses_cleanup_policies", "accounts", on_delete: :cascade
   add_foreign_key "account_warnings", "accounts", column: "target_account_id", on_delete: :cascade

spec/models/account_spec.rb

@@ -1067,4 +1067,15 @@ RSpec.describe Account do
       expect(subject.reload.followers_count).to eq 15
     end
   end
+
+  describe 'private key' do
+    it 'encrypts and decrypts the key' do
+      account = Fabricate(:account)
+
+      account.private_key = 'secret'
+      account.save!
+
+      expect(account.reload.private_key).to eq 'secret'
+    end
+  end
 end