Encryption at rest support

penberg · penberg · commit 9abc0613cfd2 · 2024-03-15T12:17:18.000+02:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,6 +9,6 @@ crate-type = ["cdylib"]
 
 [dependencies]
 pyo3 = "0.19.0"
-libsql = { version = "0.3.0" }
+libsql = { version = "0.3.0", features = ["encryption"] }
 tokio = { version = "1.29.1", features = [ "rt-multi-thread" ] }
 tracing-subscriber = "0.3"
diff --git a/src/lib.rs b/src/lib.rs
@@ -19,7 +19,7 @@ fn is_remote_path(path: &str) -> bool {
 }
 
 #[pyfunction]
-#[pyo3(signature = (database, isolation_level="DEFERRED".to_string(), check_same_thread=true, uri=false, sync_url=None, auth_token=""))]
+#[pyo3(signature = (database, isolation_level="DEFERRED".to_string(), check_same_thread=true, uri=false, sync_url=None, auth_token="", encryption_key=None))]
 fn connect(
     py: Python<'_>,
     database: String,
@@ -28,10 +28,19 @@ fn connect(
     uri: bool,
     sync_url: Option<String>,
     auth_token: &str,
+    encryption_key: Option<String>,
 ) -> PyResult<Connection> {
     let ver = env!("CARGO_PKG_VERSION");
     let ver = format!("libsql-python-rpc-{ver}");
     let rt = tokio::runtime::Runtime::new().unwrap();
+    let encryption_config = match encryption_key {
+        Some(key) => {
+            let cipher = libsql::Cipher::default();
+            let encryption_config = libsql::EncryptionConfig::new(cipher, key.into());
+            Some(encryption_config)
+        }
+        None => None,
+    };
     let db = if is_remote_path(&database) {
         let result = libsql::Database::open_remote_internal(database.clone(), auth_token, ver);
         result.map_err(to_py_err)?
@@ -44,14 +53,23 @@ fn connect(
                     auth_token,
                     Some(ver),
                     true,
-                    None,
+                    encryption_config,
                     None,
                 );
                 tokio::pin!(fut);
                 let result = rt.block_on(check_signals(py, fut));
                 result.map_err(to_py_err)?
             }
-            None => libsql_core::Database::open(database).map_err(to_py_err)?,
+            None => {
+                let mut builder = libsql::Builder::new_local(database);
+                if let Some(config) = encryption_config {
+                    builder = builder.encryption_config(config);
+                }
+                let fut = builder.build();
+                tokio::pin!(fut);
+                let result = rt.block_on(check_signals(py, fut));
+                result.map_err(to_py_err)?
+            }
         }
     };
     let autocommit = isolation_level.is_none();
