-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Encrypted fields rework #24966
Conversation
Size Change: 0 B Total Size: 1.1 MB ℹ️ View Unchanged
|
📸 UI snapshots have been updated1 snapshot changes in total. 0 added, 1 modified, 0 deleted:
Triggered by this commit. |
…g into feat/cdp-field-encryption
📸 UI snapshots have been updated1 snapshot changes in total. 0 added, 1 modified, 0 deleted:
Triggered by this commit. |
…g into feat/cdp-field-encryption
📸 UI snapshots have been updated1 snapshot changes in total. 0 added, 1 modified, 0 deleted:
Triggered by this commit. |
# Conflicts: # .github/workflows/ci-e2e.yml
# Conflicts: # latest_migrations.manifest
…g into feat/cdp-field-encryption
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Playing around locally. I had
- no keys set:
print(inputs.secret)
in a function worked - set a key for the plugin server only:
print(inputs.secret)
returnednull
- set the same key for django: things started crashing
It appears django wasn't able to decrypt the previous encrypted_inputs
field, and instead of returing None
or a dict
, it returned the encrypted string. Then followup code that expects a dict
crashed.
I committed a patch to just return None
instead in this case. Then everything worked and I could print the secret again (showed up as redacted).
.github/workflows/ci-e2e.yml
Outdated
@@ -191,6 +191,7 @@ jobs: | |||
GITHUB_ACTION_RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |||
CELERY_METRICS_PORT=8999 | |||
CLOUD_DEPLOYMENT=E2E | |||
ENCRYPTION_SALT_KEYS=9bf7f7c13cf2148a23d6b07557f95cb7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ProTip™️: deadbeef
is legit hex, as is 00beef0000beef0000beef0000beef00
if you want something that looks less like a real key
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice
# Conflicts: # plugin-server/package.json # plugin-server/src/config/config.ts # plugin-server/src/types.ts
📸 UI snapshots have been updated1 snapshot changes in total. 0 added, 1 modified, 0 deleted:
Triggered by this commit. |
📸 UI snapshots have been updated1 snapshot changes in total. 0 added, 1 modified, 0 deleted:
Triggered by this commit. |
Problem
Ensures the fields are encrypted and not just removed from payloads.
Changes
encrypted_inputs
valueFollow up
👉 Stay up-to-date with PostHog coding conventions for a smoother review.
Does this work well for both Cloud and self-hosted?
How did you test this code?