[PR #16132] [MERGED] feat: Implement SQLCipher support for database encryption #24042

New Issue

GiteaMirror · 2026-04-20T05:12:22-05:00

GiteaMirror commented

2026-04-20 05:12:22 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/16132
Author: @rndmcnlly
Created: 7/29/2025
Status: ✅ Merged
Merged: 8/9/2025
Merged by: @tjbck

Base: dev ← Head: feature/sqlcipher-database-encryption

📝 Commits (2)

c9a4bc1 feat: Implement SQLCipher support for database encryption
414d026 fix: swap sqlcipher dependency to sqlcipher3-wheels

📊 Changes

5 files changed (+102 additions, -24 deletions)

View changed files

📝 backend/open_webui/env.py (+3 -0)
📝 backend/open_webui/internal/db.py (+29 -1)
📝 backend/open_webui/internal/wrappers.py (+38 -16)
📝 backend/open_webui/migrations/env.py (+31 -7)
📝 backend/requirements.txt (+1 -0)

📄 Description

Pull Request Checklist

Note to first-time contributors: Please open a discussion post in Discussions and describe your changes before submitting a pull request.

Before submitting, make sure you've checked the following:

Target branch: Please verify that the pull request targets the dev branch.
Description: Provide a concise description of the changes made in this pull request.
Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
Testing: Have you written and run sufficient tests to validate the changes?
Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:
- BREAKING CHANGE: Significant changes that may affect compatibility
- build: Changes that affect the build system or external dependencies
- ci: Changes to our continuous integration processes or workflows
- chore: Refactor, cleanup, or other non-functional code changes
- docs: Documentation update or addition
- feat: Introduces a new feature or enhancement to the codebase
- fix: Bug fix or error correction
- i18n: Internationalization or localization changes
- perf: Performance improvement
- refactor: Code restructuring for better maintainability, readability, or scalability
- style: Changes that do not affect the meaning of the code (white space, formatting, missing semi-colons, etc.)
- test: Adding missing tests or correcting existing tests
- WIP: Work in progress, a temporary label for incomplete or ongoing work

Changelog Entry

Description

Implement feature request #16112
Added sqlcipher3-wheels dependency to requirements.txt for SQLCipher integration (requires library support in environment).
Modified database connection handling in wrappers.py to support encrypted SQLite databases using the new sqlite+sqlcipher:// URL protocol.
Updated db.py to handle SQLCipher URLs for SQLAlchemy connections.
Enhanced Alembic migration environment to support SQLCipher URLs.

Added

By specifying DATABASE_TYPE as sqlite+sqlcipher and providing a DATABASE_PASSWORD, we get full-database encryption via SQLCipher. As an alternative to setting DATABASE_TYPE, a full DATABASE_URL can be used instead (but the key always comes from DATABASE_PASSWORD).

Changed

Behavior when sqlite+sqlcipher is not mentioned is preserved.

Deprecated

n/a

Removed

n/a

Fixed

n/a

Security

docs should be updated with advice on when/how to use database encryption

Breaking Changes

n/a

Additional Information

The initial implementation of this feature depended on the sqlcipher3 package that set up an environmental dependency on build tools. After it was swapped for the sqlcipher3-wheels package, this is no longer the case.

Screenshots or Videos

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/16132 **Author:** [@rndmcnlly](https://github.com/rndmcnlly) **Created:** 7/29/2025 **Status:** ✅ Merged **Merged:** 8/9/2025 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `feature/sqlcipher-database-encryption` --- ### 📝 Commits (2) - [`c9a4bc1`](https://github.com/open-webui/open-webui/commit/c9a4bc18f42778cafd4888dae134ec336fc354aa) feat: Implement SQLCipher support for database encryption - [`414d026`](https://github.com/open-webui/open-webui/commit/414d026d59dc43b69dce2dbd53f7c668e7f152f0) fix: swap sqlcipher dependency to sqlcipher3-wheels ### 📊 Changes **5 files changed** (+102 additions, -24 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/env.py` (+3 -0) 📝 `backend/open_webui/internal/db.py` (+29 -1) 📝 `backend/open_webui/internal/wrappers.py` (+38 -16) 📝 `backend/open_webui/migrations/env.py` (+31 -7) 📝 `backend/requirements.txt` (+1 -0) </details> ### 📄 Description # Pull Request Checklist ### Note to first-time contributors: Please open a discussion post in [Discussions](https://github.com/open-webui/open-webui/discussions) and describe your changes before submitting a pull request. **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Please verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [ ] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? - [x] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [ ] **Testing:** Have you written and run sufficient tests to validate the changes? - [ ] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Prefix:** To clearly categorize this pull request, prefix the pull request title using one of the following: - **BREAKING CHANGE**: Significant changes that may affect compatibility - **build**: Changes that affect the build system or external dependencies - **ci**: Changes to our continuous integration processes or workflows - **chore**: Refactor, cleanup, or other non-functional code changes - **docs**: Documentation update or addition - **feat**: Introduces a new feature or enhancement to the codebase - **fix**: Bug fix or error correction - **i18n**: Internationalization or localization changes - **perf**: Performance improvement - **refactor**: Code restructuring for better maintainability, readability, or scalability - **style**: Changes that do not affect the meaning of the code (white space, formatting, missing semi-colons, etc.) - **test**: Adding missing tests or correcting existing tests - **WIP**: Work in progress, a temporary label for incomplete or ongoing work # Changelog Entry ### Description - Implement feature request #16112 - Added sqlcipher3-wheels dependency to requirements.txt for SQLCipher integration (requires library support in environment). - Modified database connection handling in wrappers.py to support encrypted SQLite databases using the new sqlite+sqlcipher:// URL protocol. - Updated db.py to handle SQLCipher URLs for SQLAlchemy connections. - Enhanced Alembic migration environment to support SQLCipher URLs. ### Added By specifying `DATABASE_TYPE` as `sqlite+sqlcipher` and providing a `DATABASE_PASSWORD`, we get full-database encryption via SQLCipher. As an alternative to setting `DATABASE_TYPE`, a full `DATABASE_URL` can be used instead (but the key always comes from `DATABASE_PASSWORD`). ### Changed Behavior when `sqlite+sqlcipher` is not mentioned is preserved. ### Deprecated n/a ### Removed n/a ### Fixed n/a ### Security - docs should be updated with advice on when/how to use database encryption ### Breaking Changes n/a --- ### Additional Information - The initial implementation of this feature depended on the `sqlcipher3` package that set up an environmental dependency on build tools. After it was swapped for the `sqlcipher3-wheels` package, this is no longer the case. ### Screenshots or Videos <img width="788" height="250" alt="Screenshot 2025-07-29 at 2 55 44 PM" src="https://github.com/user-attachments/assets/7118a0da-ab11-4cd9-b6b0-fc51e9f76673" /> ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-20 05:12:22 -05:00

GiteaMirror closed this issue

2026-04-20 05:12:25 -05:00

GiteaMirror referenced this issue

2026-04-25 09:52:51 -05:00

[GH-ISSUE #24042] issue: [BUG] 100% CPU after cancel / streaming completion (anyio cancellation loop) #35694

GiteaMirror referenced this issue

2026-05-06 00:15:33 -05:00

[GH-ISSUE #24042] issue: [BUG] 100% CPU after cancel / streaming completion (anyio cancellation loop) #58832

Sign in to join this conversation.