Warden

PostgreSQL Store

Production-grade PostgreSQL store with automatic migrations.

The PostgreSQL store uses pgxpool for connection pooling and includes embedded SQL migrations.

Usage

package main

import (
    "context"
    "log"

    "github.com/xraph/warden/store/postgres"
)

func main() {
    ctx := context.Background()

    pgStore, err := postgres.New(ctx, "postgres://user:pass@localhost:5432/warden")
    if err != nil {
        log.Fatal(err)
    }
    defer pgStore.Close()

    // Run migrations (creates tables if they don't exist)
    if err := pgStore.Migrate(ctx); err != nil {
        log.Fatal(err)
    }
}

Connection String

Standard PostgreSQL connection string format:

postgres://user:password@host:port/database?sslmode=disable
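
The sslmode=disable parameter in the format above switches TLS off for the database connection. The following is an added example, not code from the Warden project: it checks a connection string's sslmode and masks the password before the string is logged. CheckDSN and SafeForLog are hypothetical names, and libpq sslmode semantics are assumed for the driver.

```go
package main

import (
	"fmt"
	"net/url"
)

// CheckDSN (hypothetical helper) reports transport-security findings for a
// postgres:// URL; an empty result means sslmode=verify-full is set.
func CheckDSN(dsn string) []string {
	u, err := url.Parse(dsn)
	if err != nil {
		return []string{"unparseable DSN"} // err text may contain the password
	}
	if u.Scheme != "postgres" && u.Scheme != "postgresql" {
		return []string{"not a postgres:// URL"}
	}
	switch mode := u.Query().Get("sslmode"); mode {
	case "verify-full": // TLS with certificate chain and host name verified
		return nil
	case "verify-ca", "require":
		return []string{"sslmode=" + mode + ": server host name is not verified"}
	case "disable", "allow", "prefer":
		return []string{"sslmode=" + mode + ": traffic can be sent in plaintext"}
	case "":
		return []string{"sslmode not set: libpq default (prefer) can fall back to plaintext"}
	default:
		return []string{"sslmode has an unrecognized value"}
	}
}

// SafeForLog (hypothetical helper) masks the password so the DSN can be logged.
func SafeForLog(dsn string) string {
	u, err := url.Parse(dsn)
	if err != nil {
		return "<unparseable DSN>"
	}
	return u.Redacted()
}

func main() {
	// Constructed sample DSNs; hosts and credentials are placeholders.
	for _, dsn := range []string{
		"postgres://user:password@host:5432/database?sslmode=disable",
		"postgres://user:password@db.internal.example:5432/warden?sslmode=verify-full",
	} {
		fmt.Println(SafeForLog(dsn), CheckDSN(dsn))
	}
}
```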

Migrations

The store includes 8 embedded migration files that create:

Table                     Purpose
warden_roles              Roles with hierarchy
warden_permissions        Permissions (resource + action)
warden_role_permissions   Role-permission attachments
warden_assignments        Role assignments to subjects
warden_relations          ReBAC relation tuples
warden_policies           ABAC policies (JSONB conditions)
warden_resource_types     Resource type definitions
warden_check_logs         Authorization check audit trail

All tables include:

  • tenant_id column for multi-tenant isolation
  • Appropriate indexes for query performance
  • Unique constraints to prevent duplicates

JSONB Fields

Complex fields are stored as JSONB:

  • warden_policies.subjects: []string
  • warden_policies.actions: []string
  • warden_policies.resources: []string
  • warden_policies.conditions: []Condition
  • warden_policies.metadata: map[string]any
  • warden_resource_types.relations: []RelationDef
  • warden_resource_types.permissions: []PermissionDef

When to Use

  • Production deployments
  • Multi-instance services (shared database)
  • When you need ACID transactions and durability
