You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by dp...@apache.org on 2022/08/17 15:08:44 UTC
[superset] branch master updated: docs: improve encrypted field adapter docs (#21111)
This is an automated email from the ASF dual-hosted git repository.
dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new db7e2b2e37 docs: improve encrypted field adapter docs (#21111)
db7e2b2e37 is described below
commit db7e2b2e3706f445d817127c770697f2a777b32c
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Wed Aug 17 16:08:32 2022 +0100
docs: improve encrypted field adapter docs (#21111)
---
superset/config.py | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/superset/config.py b/superset/config.py
index 2336f61212..cc566fe6ee 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -201,8 +201,31 @@ SQLALCHEMY_CUSTOM_PASSWORD_STORE = None
# to the DB.
#
# Note: the default impl leverages SqlAlchemyUtils' EncryptedType, which defaults
-# to AES-128 under the covers using the app's SECRET_KEY as key material.
+# to AesEngine that uses AES-128 under the covers using the app's SECRET_KEY
+# as key material. Do note that AesEngine allows for queryability over the
+# encrypted fields.
#
+# To change the default engine you need to define your own adapter:
+#
+# e.g.:
+#
+# class AesGcmEncryptedAdapter( # pylint: disable=too-few-public-methods
+# AbstractEncryptedFieldAdapter
+# ):
+# def create(
+# self,
+# app_config: Optional[Dict[str, Any]],
+# *args: List[Any],
+# **kwargs: Optional[Dict[str, Any]],
+# ) -> TypeDecorator:
+# if app_config:
+# return EncryptedType(
+# *args, app_config["SECRET_KEY"], engine=AesGcmEngine, **kwargs
+# )
+# raise Exception("Missing app_config kwarg")
+#
+#
+# SQLALCHEMY_ENCRYPTED_FIELD_TYPE_ADAPTER = AesGcmEncryptedAdapter
SQLALCHEMY_ENCRYPTED_FIELD_TYPE_ADAPTER = ( # pylint: disable=invalid-name
SQLAlchemyUtilsAdapter
)