{"id":48110500,"url":"https://github.com/rsclarke/certmagic-sqlite","last_synced_at":"2026-04-04T16:04:37.773Z","repository":{"id":336779577,"uuid":"1143784805","full_name":"rsclarke/certmagic-sqlite","owner":"rsclarke","description":"SQLite storage backend for caddyserver/certmagic","archived":false,"fork":false,"pushed_at":"2026-03-18T13:26:41.000Z","size":42,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-18T21:47:21.425Z","etag":null,"topics":["certmagic","sqlite"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rsclarke.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"rsclarke","thanks_dev":"u/gh/rsclarke"}},"created_at":"2026-01-28T01:15:24.000Z","updated_at":"2026-03-18T13:24:07.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/rsclarke/certmagic-sqlite","commit_stats":null,"previous_names":["rsclarke/certmagic-sqlite"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rsclarke/certmagic-sqlite","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsclarke%2Fcertmagic-sqlite","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsclarke%2Fcertmagic-sqlite/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsclarke%2Fcertmagic-sqlite/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsclarke%2Fcertmagic-sqlite/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rsclarke","download_url":"https://codeload.github.com/rsclarke/certmagic-sqlite/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsclarke%2Fcertmagic-sqlite/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31405309,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certmagic","sqlite"],"created_at":"2026-04-04T16:04:37.711Z","updated_at":"2026-04-04T16:04:37.764Z","avatar_url":"https://github.com/rsclarke.png","language":"Go","funding_links":["https://github.com/sponsors/rsclarke","https://thanks.dev/u/gh/rsclarke"],"categories":[],"sub_categories":[],"readme":"# certmagic-sqlite\n\nA SQLite storage backend for [CertMagic](https://github.com/caddyserver/certmagic). Pure Go, no CGO required.\n\n## Features\n\n- Implements `certmagic.Storage` and `certmagic.Locker` interfaces\n- Pure Go SQLite driver ([modernc.org/sqlite](https://pkg.go.dev/modernc.org/sqlite)) — no CGO\n- Supports shared database connections for applications already using SQLite\n- Automatic schema migrations\n- Distributed locking with expiration-based stale lock detection\n\n## Installation\n\n```bash\ngo get github.com/rsclarke/certmagic-sqlite\n```\n\n## Usage\n\n### Standalone Database\n\nUse `New()` when CertMagic should manage its own database file:\n\n```go\npackage main\n\nimport (\n    \"github.com/caddyserver/certmagic\"\n    \"github.com/rsclarke/certmagic-sqlite\"\n)\n\nfunc main() {\n    storage, err := certmagicsqlite.New(\"/path/to/certs.db\")\n    if err != nil {\n        log.Fatal(err)\n    }\n    defer storage.Close()\n\n    certmagic.Default.Storage = storage\n\n    // Use certmagic...\n}\n```\n\n`New()` automatically configures:\n- WAL journal mode (for better concurrency)\n- `synchronous=NORMAL` (safe balance of durability and performance)\n- `busy_timeout=5000` (5 second wait on lock contention)\n\n### Shared Database\n\nUse `NewWithDB()` when you want to store certificates in an existing application database:\n\n```go\npackage main\n\nimport (\n    \"database/sql\"\n\n    \"github.com/caddyserver/certmagic\"\n    \"github.com/rsclarke/certmagic-sqlite\"\n    _ \"modernc.org/sqlite\"\n)\n\nfunc main() {\n    // Open your application database\n    db, err := sql.Open(\"sqlite\", \"/path/to/app.db\")\n    if err != nil {\n        log.Fatal(err)\n    }\n    defer db.Close()\n\n    // Configure recommended PRAGMAs (see below)\n    db.Exec(\"PRAGMA journal_mode=WAL\")\n    db.Exec(\"PRAGMA busy_timeout=5000\")\n\n    // Create your application tables\n    db.Exec(\"CREATE TABLE IF NOT EXISTS users (...)\")\n\n    // Create CertMagic storage (runs schema migrations automatically)\n    storage, err := certmagicsqlite.NewWithDB(db)\n    if err != nil {\n        log.Fatal(err)\n    }\n    defer storage.Close() // No-op; doesn't close the shared db\n\n    certmagic.Default.Storage = storage\n}\n```\n\n## Configuration Options\n\nBoth constructors accept functional options:\n\n```go\nstorage, err := certmagicsqlite.New(\"/path/to/certs.db\",\n    certmagicsqlite.WithLockTTL(5*time.Minute),      // Lock expiration (default: 2 minutes)\n    certmagicsqlite.WithQueryTimeout(10*time.Second), // Query timeout (default: 3 seconds)\n)\n```\n\n| Option | Default | Description |\n|--------|---------|-------------|\n| `WithLockTTL(d)` | 2 minutes | Duration after which locks expire and can be stolen |\n| `WithQueryTimeout(d)` | 3 seconds | Timeout for individual database queries |\n| `WithOwnerID(id)` | Random UUID | Identifier for lock ownership (see below) |\n\n### Lock Owner ID\n\nBy default, a random UUID is generated each time the storage is created. This means after a restart, the application cannot clean up its own stale locks — it must wait for them to expire.\n\nFor faster recovery after restarts, provide a stable owner ID:\n\n```go\nimport \"os\"\n\nhostname, _ := os.Hostname()\nstorage, err := certmagicsqlite.New(\"/path/to/certs.db\",\n    certmagicsqlite.WithOwnerID(hostname),\n)\n```\n\n| Deployment | Recommended ownerID |\n|------------|---------------------|\n| Single instance | Hostname or fixed string |\n| Multiple instances | Unique per instance (hostname, pod name, etc.) |\n\n## Recommended SQLite Settings for `NewWithDB`\n\nWhen using `NewWithDB()`, you are responsible for configuring the database connection. Here are the recommended settings:\n\n### Journal Mode: WAL\n\n```go\ndb.Exec(\"PRAGMA journal_mode=WAL\")\n```\n\nWAL (Write-Ahead Logging) provides:\n- Better concurrency (readers don't block writers)\n- Improved performance for mixed read/write workloads\n- Crash resilience\n\n**Note:** WAL is not supported for `:memory:` databases.\n\n### Busy Timeout\n\n```go\ndb.Exec(\"PRAGMA busy_timeout=5000\")  // 5000ms = 5 seconds\n```\n\nConfigures how long SQLite waits when the database is locked by another connection. Without this, you may see \"database is locked\" errors under contention.\n\n### Synchronous Mode\n\n```go\ndb.Exec(\"PRAGMA synchronous=NORMAL\")\n```\n\nOptions:\n- `FULL` (default): Safest, slowest — syncs after every transaction\n- `NORMAL`: Safe with WAL — syncs less frequently, good performance\n- `OFF`: Fastest, but risks corruption on power loss\n\n`NORMAL` is recommended when using WAL mode.\n\n### Connection Pool Settings\n\n```go\ndb.SetMaxOpenConns(1)  // Serialize all writes\ndb.SetMaxIdleConns(1)  // Keep connection warm\n```\n\nSQLite only supports one writer at a time. Setting `MaxOpenConns(1)` prevents \"database is locked\" errors by serializing access at the Go level.\n\n### Complete Example\n\n```go\ndb, _ := sql.Open(\"sqlite\", \"/path/to/app.db\")\n\n// Recommended settings\ndb.SetMaxOpenConns(1)\ndb.SetMaxIdleConns(1)\ndb.Exec(\"PRAGMA journal_mode=WAL\")\ndb.Exec(\"PRAGMA synchronous=NORMAL\")\ndb.Exec(\"PRAGMA busy_timeout=5000\")\n\nstorage, _ := certmagicsqlite.NewWithDB(db)\n```\n\n## Schema\n\nThe following tables are created automatically:\n\n```sql\nCREATE TABLE IF NOT EXISTS certmagic_data (\n    key TEXT PRIMARY KEY,\n    value BLOB NOT NULL,\n    modified INTEGER NOT NULL  -- Unix timestamp (milliseconds)\n);\n\nCREATE TABLE IF NOT EXISTS certmagic_locks (\n    name TEXT PRIMARY KEY,\n    expires_at INTEGER NOT NULL,  -- Unix timestamp (milliseconds)\n    owner_id TEXT NOT NULL\n);\n```\n\nThese tables coexist safely with your application tables.\n\n## When to Use SQLite vs Other Backends\n\n**SQLite is ideal for:**\n- Single-node deployments\n- Embedded applications or appliances\n- Simplicity (no external database server)\n- Applications already using SQLite\n\n**Consider PostgreSQL/Redis/Consul for:**\n- Multi-node clusters sharing certificates\n- High-availability deployments\n- Distributed locking across multiple servers\n\nSQLite storage provides the same single-node guarantees as the default filesystem storage, with added benefits of atomic transactions and single-file backup.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frsclarke%2Fcertmagic-sqlite","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frsclarke%2Fcertmagic-sqlite","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frsclarke%2Fcertmagic-sqlite/lists"}