From 9df06fbb12eecfd25d34cacb17f4b4b16ded6abb Mon Sep 17 00:00:00 2001 From: Daniel Quinn Date: Sun, 27 May 2018 23:21:20 +0100 Subject: [PATCH] Document the big changes for 2.0 --- docker-compose.env.example | 5 +++-- docs/changelog.rst | 29 +++++++++++++++++++++++++++++ paperless.conf.example | 24 ++++++++---------------- 3 files changed, 40 insertions(+), 18 deletions(-) diff --git a/docker-compose.env.example b/docker-compose.env.example index 13c74b6ab..d1c4a2887 100644 --- a/docker-compose.env.example +++ b/docker-compose.env.example @@ -1,8 +1,9 @@ # Environment variables to set for Paperless # Commented out variables will be replaced by a default within Paperless. -# Passphrase Paperless uses to encrypt and decrypt your documents -PAPERLESS_PASSPHRASE=CHANGE_ME +# Passphrase Paperless uses to encrypt and decrypt your documents, if you want +# encryption at all. +# PAPERLESS_PASSPHRASE=CHANGE_ME # The amount of threads to use for text recognition # PAPERLESS_OCR_THREADS=4 diff --git a/docs/changelog.rst b/docs/changelog.rst index 6945b90f6..64e78d6c9 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -1,6 +1,35 @@ Changelog ######### +2.0.0 +===== + +This is a big release as we've changed a core-functionality of Paperless: we no +longer encrypt files with GPG by default. + +The reasons for this are many, but it boils down to that the encryption wasn't +really all that useful, as files on-disk were still accessible so long as you +had the key, and the key was most typically stored in the config file. In +other words, your files are only as safe as the ``paperless`` user is. In +addition to that, *the contents of the documents were never encrypted*, so +important numbers etc. were always accessible simply by querying the database. +Still, it was better than nothing, but the consensus from users appears to be +that it was more an annoyance than anything else, so this feature is now turned +off unless you explicitly set a passphrase in your config file. + +Migrating from 1.x +------------------ + +Encryption isn't gone, it's just off for new users. So long as you have +``PAPERLESS_PASSPHRASE`` set in your config or your environment, Paperless +should continue to operate as it always has. If however, you want to drop +encryption too, you only need to do two things: + +1. Run ``./manage.py migrate && ./manage.py change_storage_type gpg unencrypted``. + This will go through your entire database and Decrypt All The Things. +2. Remove ``PAPERLESS_PASSPHRASE`` from your ``paperless.conf`` file, or simply + stop declaring it in your environment. + 1.4.0 ===== diff --git a/paperless.conf.example b/paperless.conf.example index 72adf9d48..6acba5f25 100644 --- a/paperless.conf.example +++ b/paperless.conf.example @@ -59,27 +59,19 @@ PAPERLESS_EMAIL_SECRET="" #### Security #### ############################################################################### -# By default, Paperless will attempt to GPG encrypt your PDF files using the -# PAPERLESS_PASSPHRASE specified below. If however you're not concerned about -# encrypting these files (for example if you have disk encryption locally) then -# you don't need this and can safely turn it off by setting -# PAPERLESS_STORAGE_TYPE="unencrypted" here. In such a case, the PASSPHRASE -# value set below will be ignored. -#PAPERLESS_STORAGE_TYPE="gpg" - -# You must have a passphrase in order for Paperless to work at all. If you set -# this to "", GNUGPG will "encrypt" your PDF by writing it out as a zero-byte -# file. -# -# The passphrase you use here will be used when storing your documents in -# Paperless, but you can always export them in an unencrypted format by using -# document exporter. See the documentation for more information. +# Paperless can be instructed to attempt to encrypt your PDF files with GPG +# using the PAPERLESS_PASSPHRASE specified below. If however you're not +# concerned about encrypting these files (for example if you have disk +# encryption locally) then you don't need this and can safely leave this value +# un-set. # # One final note about the passphrase. Once you've consumed a document with # one passphrase, DON'T CHANGE IT. Paperless assumes this to be a constant and # can't properly export documents that were encrypted with an old passphrase if # you've since changed it to a new one. -PAPERLESS_PASSPHRASE="secret" +# +# The default is to not use encryption at all. +#PAPERLESS_PASSPHRASE="secret" # The secret key has a default that should be fine so long as you're hosting