Skip to content

feat(crypto): decrypt secret objects #482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat(crypto): decrypt secret objects #482

wants to merge 4 commits into from
+36 −10

Conversation

MFori
Copy link
Member

@MFori MFori commented Jun 5, 2025
edited
Loading

Add support for isSecret objects and arrays in input schema and the new form of encrypted value:

ENCRYPTED_JSON_VALUE:{FIELD_SCHEMA_HASH}:{ENCRYPTED_PASSWORD}:{ENCRYPTED_VALUE}

More context here apify/apify-shared-js#515

@MFori MFori self-assigned this Jun 5, 2025
@MFori MFori added the t-console Issues with this label are in the ownership of the console team. label Jun 5, 2025
@github-actions github-actions bot added this to the 116th sprint - Console team milestone Jun 5, 2025
@MFori MFori mentioned this pull request Jun 5, 2025
Open
@github-actions github-actions bot added the tested Temporary label used only programatically for some analytics. label Jul 2, 2025
@MFori MFori requested a review from Copilot July 2, 2025 14:12
Copilot
Copilot AI reviewed Jul 2, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds backward-compatible decryption of both legacy encrypted strings and new JSON‐based encrypted values (including objects and arrays).

  • Extends regex and decryption logic to inspect a prefix and decode JSON when needed
  • Introduces separate ENCRYPTED_STRING_VALUE_PREFIX and ENCRYPTED_JSON_VALUE_PREFIX constants
  • Updates tests to cover legacy string, JSON string, object, and array decryption

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
tests/unit/actor/test_actor_key_value_store.py Tests expanded for legacy string and JSON (string, object, array) decryption
src/apify/_crypto.py decrypt_input_secrets now distinguishes prefixes and does json.loads for JSON
src/apify/_consts.py New constants for string vs JSON prefixes and updated regex to capture both formats
Comments suppressed due to low confidence (1)

tests/unit/actor/test_actor_key_value_store.py:87

  • The helper function json_dumps is not defined in this scope. Use json.dumps(secret_string) instead to serialize the value.
    encrypted_string = public_encrypt(json_dumps(secret_string), public_key=PUBLIC_KEY)

@MFori MFori requested review from vdusek and Pijukatel July 2, 2025 14:15
@MFori MFori marked this pull request as ready for review July 2, 2025 14:16
vdusek
vdusek approved these changes Jul 3, 2025
View reviewed changes
Copy link
Contributor

@vdusek vdusek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@vdusek vdusek vdusek approved these changes

@Pijukatel Pijukatel Awaiting requested review from Pijukatel

Assignees

@MFori MFori

Labels
t-console Issues with this label are in the ownership of the console team. tested Temporary label used only programatically for some analytics.
Projects
None yet
Milestone
116th sprint - Console team
Development

Successfully merging this pull request may close these issues.
2 participants
@MFori @vdusek