Allow disabling encryption for settings (#43085) (#46773)
* Allow disabling encryption for settings For two settings, we want to disable encryption entirely. On the way out of the data source, we don't need to worry - the decryption is already backwards-compatible with non-encrypted data. On the way in, things are a bit less straightforward. The core of the change is replacing the `t2/deftransform` that *always* runs `encryption/maybe-encrypt` on the value with: - a define-after-select that always tries to decrypt the value (so we can handle existing encrypted values in the db) - a define-before-insert that encrypts the value if the `defsetting` told us to, and - a define-before-update that does the same thing. For now, set two settings to be never-encrypted: `analytics-uuid` and `anon-tracking-enabled`.
Showing
- src/metabase/analytics/snowplow.clj 1 addition, 0 deletionssrc/metabase/analytics/snowplow.clj
- src/metabase/core.clj 1 addition, 0 deletionssrc/metabase/core.clj
- src/metabase/models/interface.clj 0 additions, 5 deletionssrc/metabase/models/interface.clj
- src/metabase/models/setting.clj 54 additions, 5 deletionssrc/metabase/models/setting.clj
- src/metabase/public_settings.clj 1 addition, 0 deletionssrc/metabase/public_settings.clj
Please register or sign in to comment