[PR #4115] [CLOSED] feat: Config class to handle secrets #8195

New Issue

GiteaMirror · 2025-11-11T17:47:25-06:00

GiteaMirror commented

2025-11-11 17:47:25 -06:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/4115
Author: @michaelpoluektov
Created: 7/25/2024
Status: ❌ Closed

Base: dev ← Head: encrypt-secrets-2

📝 Commits (10+)

75c5657 wip: secret key to fernet
4ddb8b6 wip: add microsoft and oauth as secrets
0672bc3 wip: change encrypted to suffix
394671c remove debub print
57d46cc comment update
603ade8 refac: simplify config.py
e2bd4fb fix walrus bug
625bd7f refac: type hints and error message
8c33e80 undo refac
cf9994b remove debug print

📊 Changes

1 file changed (+104 additions, -53 deletions)

View changed files

📝 backend/config.py (+104 -53)

📄 Description

Pull Request Checklist

Issue tracked here: https://github.com/open-webui/open-webui/issues/3831

Before submitting, make sure you've checked the following:

Target branch: Please verify that the pull request targets the dev branch.
Description: Provide a concise description of the changes made in this pull request.
Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
Testing: Have you written and run sufficient tests for validating the changes?
Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
Prefix: To cleary categorize this pull request, prefix the pull request title, using one of the following:
- BREAKING CHANGE: Significant changes that may affect compatibility
- build: Changes that affect the build system or external dependencies
- ci: Changes to our continuous integration processes or workflows
- chore: Refactor, cleanup, or other non-functional code changes
- docs: Documentation update or addition
- feat: Introduces a new feature or enhancement to the codebase
- fix: Bug fix or error correction
- i18n: Internationalization or localization changes
- perf: Performance improvement
- refactor: Code restructuring for better maintainability, readability, or scalability
- style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)
- test: Adding missing tests or correcting existing tests
- WIP: Work in progress, a temporary label for incomplete or ongoing work

Changelog Entry

Description

This could enable adding OAuth support directly from the admin panel at some point.

Small refactor of backend/config.py
Encrypt secrets in storage for (slightly) better security

Added

SecretConfig class to handle secret variables (for now, just OAuth), which are encrypted using WEBUI_SECRET_KEY when saved.

Changed

GOOGLE_CLIENT_SECRET, MICROSOFT_CLIENT_SECRET and OAUTH_CLIENT_SECRET are now SecretConfig's.

Deprecated

Storage of secrets in plaintext

Security

Encrypt secrets in storage by default

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/4115 **Author:** [@michaelpoluektov](https://github.com/michaelpoluektov) **Created:** 7/25/2024 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `encrypt-secrets-2` --- ### 📝 Commits (10+) - [`75c5657`](https://github.com/open-webui/open-webui/commit/75c56571023324bcc2b6513cdf0d2cf8269b6891) wip: secret key to fernet - [`4ddb8b6`](https://github.com/open-webui/open-webui/commit/4ddb8b61da0b6d8ad4d8f68b8d02635f9a270a9e) wip: add microsoft and oauth as secrets - [`0672bc3`](https://github.com/open-webui/open-webui/commit/0672bc301ea6566723997a00e4315cf031ace771) wip: change encrypted to suffix - [`394671c`](https://github.com/open-webui/open-webui/commit/394671c911a19fddbba13adfb3c7e791bc02f876) remove debub print - [`57d46cc`](https://github.com/open-webui/open-webui/commit/57d46cc3c0c73c6728437d5b39d064950b2e172c) comment update - [`603ade8`](https://github.com/open-webui/open-webui/commit/603ade87178f4819b2877ef19a93b7b6509089f3) refac: simplify config.py - [`e2bd4fb`](https://github.com/open-webui/open-webui/commit/e2bd4fb280358b8ed9d81c8dad42b22552bbbca9) fix walrus bug - [`625bd7f`](https://github.com/open-webui/open-webui/commit/625bd7f07d2b1a672dd633cf77e7f56e7b3fac74) refac: type hints and error message - [`8c33e80`](https://github.com/open-webui/open-webui/commit/8c33e8027411690d1f399c73b7f8304830aa1432) undo refac - [`cf9994b`](https://github.com/open-webui/open-webui/commit/cf9994b04ef12e6313d0105de65970850ca28d80) remove debug print ### 📊 Changes **1 file changed** (+104 additions, -53 deletions) <details> <summary>View changed files</summary> 📝 `backend/config.py` (+104 -53) </details> ### 📄 Description # Pull Request Checklist Issue tracked here: https://github.com/open-webui/open-webui/issues/3831 **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Please verify that the pull request targets the `dev` branch. - [x] **Description:** Provide a concise description of the changes made in this pull request. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [ ] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? - [ ] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [x] **Testing:** Have you written and run sufficient tests for validating the changes? - [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Prefix:** To cleary categorize this pull request, prefix the pull request title, using one of the following: - **BREAKING CHANGE**: Significant changes that may affect compatibility - **build**: Changes that affect the build system or external dependencies - **ci**: Changes to our continuous integration processes or workflows - **chore**: Refactor, cleanup, or other non-functional code changes - **docs**: Documentation update or addition - **feat**: Introduces a new feature or enhancement to the codebase - **fix**: Bug fix or error correction - **i18n**: Internationalization or localization changes - **perf**: Performance improvement - **refactor**: Code restructuring for better maintainability, readability, or scalability - **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.) - **test**: Adding missing tests or correcting existing tests - **WIP**: Work in progress, a temporary label for incomplete or ongoing work # Changelog Entry ### Description This could enable adding OAuth support directly from the admin panel at some point. - Small refactor of `backend/config.py` - Encrypt secrets in storage for (slightly) better security ### Added - `SecretConfig` class to handle secret variables (for now, just OAuth), which are encrypted using `WEBUI_SECRET_KEY` when saved. ### Changed - `GOOGLE_CLIENT_SECRET`, `MICROSOFT_CLIENT_SECRET` and `OAUTH_CLIENT_SECRET` are now `SecretConfig`'s. ### Deprecated - Storage of secrets in plaintext ### Security - Encrypt secrets in storage by default --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2025-11-11 17:47:25 -06:00

GiteaMirror closed this issue

2025-11-11 17:47:25 -06:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#8195