Skip to content

Commit

Permalink
docs: improve encrypted field adapter docs
Browse files Browse the repository at this point in the history
  • Loading branch information
dpgaspar committed Aug 17, 2022
1 parent 0c84203 commit 90e76fe
Showing 1 changed file with 24 additions and 1 deletion.
25 changes: 24 additions & 1 deletion superset/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -201,8 +201,31 @@ def _try_json_readsha(filepath: str, length: int) -> Optional[str]:
# to the DB.
#
# Note: the default impl leverages SqlAlchemyUtils' EncryptedType, which defaults
# to AES-128 under the covers using the app's SECRET_KEY as key material.
# to AesEngine that uses AES-128 under the covers using the app's SECRET_KEY
# as key material. Do note that AesEngine allows for queryability over the
# encrypted fields.
#
# To change the default engine you need to define your own adapter:
#
# e.g.:
#
# class AesGcmEncryptedAdapter( # pylint: disable=too-few-public-methods
# AbstractEncryptedFieldAdapter
# ):
# def create(
# self,
# app_config: Optional[Dict[str, Any]],
# *args: List[Any],
# **kwargs: Optional[Dict[str, Any]],
# ) -> TypeDecorator:
# if app_config:
# return EncryptedType(
# *args, app_config["SECRET_KEY"], engine=AesGcmEngine, **kwargs
# )
# raise Exception("Missing app_config kwarg")
#
#
# SQLALCHEMY_ENCRYPTED_FIELD_TYPE_ADAPTER = AesGcmEncryptedAdapter
SQLALCHEMY_ENCRYPTED_FIELD_TYPE_ADAPTER = ( # pylint: disable=invalid-name
SQLAlchemyUtilsAdapter
)
Expand Down

0 comments on commit 90e76fe

Please sign in to comment.