Skip to content

INTPYTHON-527 Add Queryable Encryption support #329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 58 commits into
base: main
Choose a base branch
from
Open

INTPYTHON-527 Add Queryable Encryption support #329

wants to merge 58 commits into from
+2,240 −158

Conversation

@aclark4life
Copy link
Collaborator

@aclark4life aclark4life commented Jun 27, 2025
edited
Loading

Previous attempts and additional context here:

aclark4life
aclark4life commented Jun 27, 2025
View reviewed changes
aclark4life
aclark4life commented Jun 27, 2025
View reviewed changes
aclark4life
aclark4life commented Jun 27, 2025
View reviewed changes
timgraham
timgraham reviewed Jun 27, 2025
View reviewed changes
@aclark4life

This comment was marked as resolved.

Sign in to view
@timgraham

This comment was marked as resolved.

Sign in to view
@aclark4life

This comment was marked as resolved.

Sign in to view
@timgraham

This comment was marked as resolved.

Sign in to view
@aclark4life

This comment was marked as resolved.

Sign in to view
timgraham
timgraham reviewed Jun 30, 2025
View reviewed changes
timgraham
timgraham reviewed Jul 1, 2025
View reviewed changes
timgraham
timgraham reviewed Jul 1, 2025
View reviewed changes
@aclark4life

This comment was marked as resolved.

Sign in to view
@aclark4life

This comment was marked as resolved.

Sign in to view
timgraham
timgraham reviewed Jul 4, 2025
View reviewed changes
timgraham
timgraham reviewed Jul 4, 2025
View reviewed changes
timgraham
timgraham reviewed Jul 7, 2025
View reviewed changes
aclark4life
aclark4life commented Jul 7, 2025
View reviewed changes
@aclark4life

This comment was marked as resolved.

Sign in to view
@timgraham

This comment was marked as resolved.

Sign in to view
@aclark4life

This comment was marked as resolved.

Sign in to view
@aclark4life

This comment was marked as resolved.

Sign in to view
timgraham
timgraham reviewed Jul 9, 2025
View reviewed changes
timgraham
timgraham reviewed Jul 9, 2025
View reviewed changes
timgraham
timgraham reviewed Jul 9, 2025
View reviewed changes
@aclark4life

This comment was marked as resolved.

Sign in to view
aclark4life
aclark4life commented Jul 11, 2025
View reviewed changes
@timgraham

This comment was marked as resolved.

Sign in to view
@aclark4life

This comment was marked as resolved.

Sign in to view
@timgraham

This comment was marked as resolved.

Sign in to view
aclark4life and others added 25 commits October 24, 2025 14:03
@aclark4life
Code review updates
4c3253c
@aclark4life
Add fields and corresponding tests
462216d 
- EncryptedArrayField
- EncryptedObjectIdField
- EncryptedUUIDField
@aclark4life
Update docs
dbfeb10
@timgraham @aclark4life
Fix Router.db_for_read()/write()
e4f8eee
@timgraham @aclark4life
revert evergreen run-tests.sh change
8659925 
queryable encryption doesn't run there (at least for now).
@timgraham @aclark4life
add model to RawQuerySet to prevent router from crashing
6407d97
@aclark4life
Uncomment assertEncrypted tests
364e244 
Router fixed in 9716016
@aclark4life
Update docs
c92513b
@aclark4life
Fix test_uuid
afd13b1 
Belongs with Django field tests
@timgraham @aclark4life
make the test runner use a test key vault namespace
fd9268d
@aclark4life
Code review fixes
3b44fa9
@timgraham @aclark4life
prohibit db_index and unique=True on encrypted fields
778ff46
@aclark4life
Re-add assertEncrypted for all field tests
ccfbb4d
@aclark4life
Remove workaround for mongo-orchestration 268
7d366d5 
mongodb-labs/mongo-orchestration#268
@aclark4life
Revert "Remove workaround for mongo-orchestration 268"
001fe9d 
This reverts commit e71a348.
@aclark4life
Update docs
13b29c3 
Unfortunately I think we'll need to explain this by example. I'm tempted
to use `mongosh` but probably best to stick to Python.
@aclark4life
Remove duplicate limitations section
ef14611 
Added in 892bb6b (unless we need to
call out queryset limitations in addition)
@aclark4life
Add admonition about range queries vs. lookups
93d954f
@aclark4life
Document Query types vs. Django lookups
24e4a1b
@aclark4life
Don't forget to migrate with --database encrypted
9fc794a
@aclark4life
Use same keyvault namespace as QE tutorial
bb1fe08 
It doesn't really matter but may as well be consistent with tutorial when
possible. Curiously and confusingly the CSFLE spec uses "keyvault.datakeys".
@aclark4life
Update docs
8bbe6a7
@aclark4life
Remove KMS_CREDENTIALS
8c515e4 
Also conditionally include `master_key` in call to `create_data_key` if
kms_provider != "local".
@aclark4life
Include a note about db routers in QE topic guide
000e0ef
@aclark4life
Add EncryptedModelAdmin for encrypted fields
7404286 
Paginator not working yet.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timgraham timgraham timgraham left review comments

@WaVEV WaVEV WaVEV left review comments

Copilot code review Copilot Copilot left review comments

@Jibola Jibola Awaiting requested review from Jibola

+1 more reviewer

@addaleax addaleax addaleax approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@aclark4life @timgraham @blink1073 @addaleax @Jibola @WaVEV