dify_admin/docs/api/tenant_manager.md


# Tenant Manager API Documentation
## Overview
The `TenantManager` class provides functionality for managing tenants (workspaces), including:
- Tenant creation with RSA key pair generation
- Key management (generation, storage)
- Tenant search and retrieval
## Class Methods
### `generate_rsa_key_pair()`
Generates a new RSA key pair for tenant encryption.
**Returns:**
- Tuple of `(public_key_pem, private_key)`
  - `public_key_pem`: PEM formatted public key string
  - `private_key`: RSA private key object
**Example:**
```python
public_key, private_key = TenantManager.generate_rsa_key_pair()
```
### `save_private_key(tenant_id, private_key)`
Securely stores a private key for a tenant.
**Parameters:**
- `tenant_id` (UUID): Tenant identifier
- `private_key`: RSA private key object
**Returns:**
- Path to stored private key file
### `create_tenant(workspace_name)`
Creates a new tenant with cryptographic keys.
**Parameters:**
- `workspace_name` (str): Name for the new tenant/workspace
**Returns:**
- UUID of created tenant
**Process:**
1. Generates RSA key pair
2. Stores private key securely
3. Creates tenant record with public key
### Query Methods
- `get_tenant_by_name(workspace_name)`: Retrieves tenant by name
- `get_all_tenants()`: Lists all tenants
- `search_tenants(search_term)`: Searches tenants by name
**Return Format:**
```python
# Shape of each returned tenant record (field name -> type)
{
    "id": str | UUID,
    "name": str,
    "encrypt_public_key": str,
    "created_at": datetime
}
```
## Security Considerations
- Uses 2048-bit RSA keys for encryption
- Private keys stored in secure directory structure
- Public keys stored in database for encryption
- All operations are logged
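
The following is an added example, not the project's own code, of one way to write and audit a per-tenant private key file so that it matches the "secure directory structure" point above. The helper names, the `<base_dir>/<tenant_id>/private.pem` layout and the sample PEM are assumptions, and the code takes already-serialized PEM bytes on a POSIX system.

```python
import os
import stat
import uuid
from pathlib import Path

# Constructed placeholder, not a real key.
SAMPLE_PEM = b"-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"


def store_private_key_pem(base_dir, tenant_id, pem_bytes):
    """Write pem_bytes to <base_dir>/<tenant_id>/private.pem, owner-only (POSIX).

    Hypothetical helper: the layout and file name are assumptions.
    """
    # Parsing as a UUID rejects values like "../other" before they reach a path.
    tenant = uuid.UUID(str(tenant_id))
    tenant_dir = Path(base_dir) / str(tenant)
    tenant_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(tenant_dir, 0o700)  # also tightens a directory that already existed

    key_path = tenant_dir / "private.pem"
    # O_EXCL fails instead of overwriting an existing key or following a symlink.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fh.fileno(), 0o600)  # exact mode regardless of umask
        fh.write(pem_bytes)
        fh.flush()
        os.fsync(fh.fileno())
    return key_path


def audit_key_permissions(key_path):
    """Return findings for a stored key; an empty list means owner-only access."""
    key_path = Path(key_path)
    findings = []
    if key_path.is_symlink():
        findings.append(f"{key_path} is a symlink")
    for kind, path in (("directory", key_path.parent), ("file", key_path)):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode & 0o077:  # any group/other permission bit set
            findings.append(f"{kind} {path} has mode {oct(mode)}")
    return findings
```
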
## Error Handling
Methods raise exceptions on failure and log errors using the module logger.