Skip to content

feat(declarativeSettings): support encryption of sensitive values#53121

Merged
AndyScherzinger merged 2 commits intomasterfrom
feat/sensitive-declarative-settings
May 28, 2025
Merged

feat(declarativeSettings): support encryption of sensitive values#53121
AndyScherzinger merged 2 commits intomasterfrom
feat/sensitive-declarative-settings

Conversation

@andrey18106
Copy link
Contributor

@andrey18106 andrey18106 commented May 26, 2025
edited
Loading

Summary

This PR introduces new Declarative setting field attribute sensitive: true/false, available for Text and Password field types. Sensitive fields are encrypted on server side and the values are not exposed to the UI.

Declarative forms with handler (https://github.com/nextcloud/server/blob/master/lib/public/Settings/IDeclarativeSettingsFormWithHandlers.php) must implement this in their setValue, getValue methods, as well as external storage type (using events to handle getValue/setValue actions).

For ExApps AppAPI handles this automatically inside its event handlers.

TODO

  • Clarify design of sensitive fields if they need explicit mark

Checklist

@andrey18106 andrey18106 requested review from a team and provokateurin as code owners May 26, 2025 18:05
@andrey18106 andrey18106 requested review from ArtificialOwl, leftybournes, skjnldsv, susnux and szaimen and removed request for a team May 26, 2025 18:05
This was referenced May 26, 2025
Merged
Merged
Merged
@szaimen szaimen removed their request for review May 26, 2025 19:38
provokateurin
provokateurin reviewed May 27, 2025
View reviewed changes
Copy link
Member

@provokateurin provokateurin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just some suggestions for improvements.

@andrey18106 andrey18106 force-pushed the feat/sensitive-declarative-settings branch from a2912d4 to cd742aa Compare May 27, 2025 17:25
susnux
susnux reviewed May 27, 2025
View reviewed changes
susnux
susnux reviewed May 27, 2025
View reviewed changes
susnux
susnux reviewed May 27, 2025
View reviewed changes
susnux
susnux approved these changes May 27, 2025
View reviewed changes
Copy link
Contributor

@susnux susnux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM except from the sprintf

@andrey18106 andrey18106 force-pushed the feat/sensitive-declarative-settings branch from cd742aa to e570179 Compare May 27, 2025 18:09
oleksandr-nc
oleksandr-nc approved these changes May 28, 2025
View reviewed changes
Copy link
Contributor

@oleksandr-nc oleksandr-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall it looks good

@andrey18106 andrey18106 force-pushed the feat/sensitive-declarative-settings branch from e570179 to ca17680 Compare May 28, 2025 17:13
@nextcloud-command nextcloud-command requested a review from a team as a code owner May 28, 2025 17:40
@andrey18106
feat: add support for sensitive Declarative settings values encryption
7994332 
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
@andrey18106 andrey18106 force-pushed the feat/sensitive-declarative-settings branch from 7573fe6 to 7994332 Compare May 28, 2025 17:45
@andrey18106
Copy link
Contributor Author

andrey18106 commented May 28, 2025

/compile

@nextcloud-command
chore(assets): Recompile assets
17518f9 
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
@AndyScherzinger AndyScherzinger added this to the Nextcloud 32 milestone May 28, 2025
@AndyScherzinger AndyScherzinger enabled auto-merge May 28, 2025 18:12
@AndyScherzinger AndyScherzinger merged commit 0f5db1b into master May 28, 2025
202 of 204 checks passed
@AndyScherzinger AndyScherzinger deleted the feat/sensitive-declarative-settings branch May 28, 2025 18:21
@skjnldsv skjnldsv mentioned this pull request Aug 19, 2025
Merged
@skjnldsv skjnldsv modified the milestones: Nextcloud 32, Nextcloud 33 Sep 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@provokateurin provokateurin provokateurin left review comments

@susnux susnux susnux approved these changes

@oleksandr-nc oleksandr-nc oleksandr-nc approved these changes

@julien-nc julien-nc Awaiting requested review from julien-nc

@janepie janepie Awaiting requested review from janepie

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@leftybournes leftybournes Awaiting requested review from leftybournes leftybournes is a code owner automatically assigned from nextcloud/server-backend

@skjnldsv skjnldsv Awaiting requested review from skjnldsv skjnldsv is a code owner automatically assigned from nextcloud/server-frontend

Assignees

No one assigned

Labels

3. to review Waiting for reviews feature: settings

Projects

None yet

Milestone

Nextcloud 32

Development

Successfully merging this pull request may close these issues.

Save passwords as sensitive values

7 participants

@andrey18106 @susnux @provokateurin @oleksandr-nc @AndyScherzinger @skjnldsv @nextcloud-command