From 885dbf67d560328ba8346da9c5674fc609f23938 Mon Sep 17 00:00:00 2001
From: Daniel Quinn <code@danielquinn.org>
Date: Sun, 4 Feb 2018 13:11:35 +0000
Subject: [PATCH] Set STORAGE_TYPE instead of ENABLE_ENCRYPTION boolean

This allows for future decisions around the types of encryption used (if any).  Ideally, I want to replace GPG one day with something elegant out of the cryptography module.
---
 paperless.conf.example    | 8 ++++++++
 src/paperless/settings.py | 9 ++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/paperless.conf.example b/paperless.conf.example
index 45c532fe1..72adf9d48 100644
--- a/paperless.conf.example
+++ b/paperless.conf.example
@@ -59,6 +59,14 @@ PAPERLESS_EMAIL_SECRET=""
 ####                              Security                                 ####
 ###############################################################################
 
+# By default, Paperless will attempt to GPG encrypt your PDF files using the
+# PAPERLESS_PASSPHRASE specified below.  If however you're not concerned about
+# encrypting these files (for example if you have disk encryption locally) then
+# you don't need this and can safely turn it off by setting
+# PAPERLESS_STORAGE_TYPE="unencrypted" here.  In such a case, the PASSPHRASE
+# value set below will be ignored.
+#PAPERLESS_STORAGE_TYPE="gpg"
+
 # You must have a passphrase in order for Paperless to work at all.  If you set
 # this to "", GNUGPG will "encrypt" your PDF by writing it out as a zero-byte
 # file.
diff --git a/src/paperless/settings.py b/src/paperless/settings.py
index a019ac7fb..33765c748 100644
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -251,6 +251,14 @@ CONSUMPTION_DIR = os.getenv("PAPERLESS_CONSUMPTION_DIR")
 # slowly, you may want to use a higher value than the default.
 CONSUMER_LOOP_TIME = int(os.getenv("PAPERLESS_CONSUMER_LOOP_TIME", 10))
 
+# By default, Paperless will attempt to GPG encrypt your PDF files using the
+# PASSPHRASE specified below.  If however you're not concerned about encrypting
+# these files (for example if you have disk encryption locally) then
+# you don't need this and can safely turn it off by setting STORAGE_TYPE to
+# "unencrypted" here.  In such a case, the PASSPHRASE value set below will be
+# ignored.
+STORAGE_TYPE = os.getenv("PAPERLESS_STORAGE_TYPE", "gpg")
+
 # This is used to encrypt the original documents and decrypt them later when
 # you want to download them.  Set it and change the permissions on this file to
 # 0600, or set it to `None` and you'll be prompted for the passphrase at
@@ -259,7 +267,6 @@ CONSUMER_LOOP_TIME = int(os.getenv("PAPERLESS_CONSUMER_LOOP_TIME", 10))
 # with GPG, including an interesting case where it may "encrypt" zero-byte
 # files.
 PASSPHRASE = os.getenv("PAPERLESS_PASSPHRASE")
-ENABLE_ENCRYPTION = os.getenv('DISABLE_ENCRYPTION') != 'true'
 
 # Trigger a script after every successful document consumption?
 PRE_CONSUME_SCRIPT = os.getenv("PAPERLESS_PRE_CONSUME_SCRIPT")