-- Migration: Create external_services_credentials table
-- Description: Stores encrypted credentials for third-party services (Stripe, Cloudflare, etc.)

CREATE TABLE IF NOT EXISTS external_services_credentials (
    id UUID PRIMARY KEY DEFAULT uuid_generate_v7(),
    service_name VARCHAR(50) UNIQUE NOT NULL, -- e.g. 'stripe', 'cloudflare'
    encrypted_payload TEXT NOT NULL,          -- RSA Encrypted Base64
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
    updated_by UUID,                          -- ID of the admin who updated it
    
    FOREIGN KEY (updated_by) REFERENCES users(id) ON DELETE SET NULL
);

-- Index for fast lookup by service name
CREATE INDEX idx_service_name ON external_services_credentials(service_name);

COMMENT ON TABLE external_services_credentials IS 'Stores securely encrypted credentials for external services';