"""EncryptionKey model for AES-256 file encryption key management."""
import uuid
from sqlalchemy import Column, String, Text, Boolean, DateTime
from sqlalchemy.sql import func
from app.core.database import Base


class EncryptionKey(Base):
    """
    Encryption key storage for file encryption.

    Keys are encrypted with the Master Key before storage.
    Only system admin can manage encryption keys.
    """
    __tablename__ = "pjctrl_encryption_keys"

    id = Column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
    key_data = Column(Text, nullable=False)  # Encrypted key using Master Key
    algorithm = Column(String(20), default="AES-256-GCM", nullable=False)
    is_active = Column(Boolean, default=True, nullable=False)
    created_at = Column(DateTime, server_default=func.now(), nullable=False)
    rotated_at = Column(DateTime, nullable=True)  # When this key was superseded