Skip to content

[17.0][ADD] encrypted_field: new module for encrypted field type #3564

Open
jpsteil wants to merge 6 commits intoOCA:17.0from
jpsteil:17.0-add-encrypted_field
Open

[17.0][ADD] encrypted_field: new module for encrypted field type #3564
jpsteil wants to merge 6 commits intoOCA:17.0from
jpsteil:17.0-add-encrypted_field

Conversation

@jpsteil
Copy link

@jpsteil jpsteil commented Mar 19, 2026

Adds a new field type for storing sensitive data (SSN, Tax IDs, etc.) with transparent Fernet encryption.

Features:

  • Encrypted field type extending fields.Char
  • Fernet encryption (AES-128-CBC with HMAC-SHA256)
  • Configurable masking (last4, first4, full)
  • Built-in format patterns (SSN, EIN, phone, credit card)
  • Group-based access control for revealing values
  • Reveal widget with eye icon for forms
  • Audit logging of decrypted value access
  • Key rotation wizard
  • Migration tool for encrypting existing data

Test plan

  • 68 unit tests included
  • Manual testing of field creation and encryption
  • Manual testing of reveal widget in form views
  • Manual testing of key rotation wizard
  • Manual testing of migration wizard

jpsteil added 6 commits March 19, 2026 13:32
@jpsteil
[ADD] encrypted_field: new module for encrypted field type
2142b76 
Adds a new field type for storing sensitive data (SSN, Tax IDs, etc.)
with transparent Fernet encryption.

Features:
- Encrypted field type extending fields.Char
- Fernet encryption (AES-128-CBC with HMAC-SHA256)
- Configurable masking (last4, first4, full)
- Built-in format patterns (SSN, EIN, phone, credit card)
- Group-based access control for revealing values
- Reveal widget with eye icon for forms
- Audit logging of decrypted value access
- Key rotation wizard
- Migration tool for encrypting existing data
@jpsteil
[FIX] encrypted_field: OCA pre-commit compliance
14bfdb9 
- Remove encoding pragmas (Python 3 default)
- Remove deprecated 'description' key from manifest
- Remove deprecated 'string=' from <tree> XML tag
- Rename 'format' parameter to 'format_pattern' to avoid shadowing builtin
- Use named placeholders in translated strings (%(name)s instead of %s)
- Add 'raise ... from err' for proper exception chaining
- Add logging to except blocks instead of bare pass
- Add pylint disable comments for intentional cr.commit() and SQL
- Add pyproject.toml for whool build system
- Fix JS module syntax for eslint compliance
- Remove redundant string= attributes from field definitions
@jpsteil
[FIX] encrypted_field: fix remaining pre-commit issues
25cde74 
- Use f-strings instead of % formatting (UP031)
- Refactor _mask_value to reduce complexity (C901)
- Fix @odoo-module annotation for eslint
@jpsteil
Fix pre-commit issues for encrypted_field module
a3354aa 
- Rename JS file to .esm.js for ES module recognition by OCA eslint
- Fix import sorting in JS file
- Apply prettier formatting to all XML files
- Apply ruff formatting and fixes to Python files
@jpsteil
Fix format_pattern typo and test attribute name
e7ea97e 
- Fix typo: format_pattern_pattern -> format_pattern in __init__
- Fix test: check format_pattern attribute instead of format
@jpsteil
Trigger CI re-run
3853b16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jpsteil