diff --git a/docker/install_management_commands.sh b/docker/install_management_commands.sh index be972d605..f7a175e9e 100755 --- a/docker/install_management_commands.sh +++ b/docker/install_management_commands.sh @@ -4,8 +4,7 @@ set -eu -for command in decrypt_documents \ - document_archiver \ +for command in document_archiver \ document_exporter \ document_importer \ mail_fetcher \ diff --git a/docker/rootfs/usr/local/bin/decrypt_documents b/docker/rootfs/usr/local/bin/decrypt_documents deleted file mode 100755 index 4da1549ee..000000000 --- a/docker/rootfs/usr/local/bin/decrypt_documents +++ /dev/null @@ -1,14 +0,0 @@ -#!/command/with-contenv /usr/bin/bash -# shellcheck shell=bash - -set -e - -cd "${PAPERLESS_SRC_DIR}" - -if [[ $(id -u) == 0 ]]; then - s6-setuidgid paperless python3 manage.py decrypt_documents "$@" -elif [[ $(id -un) == "paperless" ]]; then - python3 manage.py decrypt_documents "$@" -else - echo "Unknown user." -fi diff --git a/docs/administration.md b/docs/administration.md index ddf51bf9a..2fb70a806 100644 --- a/docs/administration.md +++ b/docs/administration.md @@ -580,36 +580,6 @@ document. documents, such as encrypted PDF documents. The archiver will skip over these documents each time it sees them. -### Managing encryption {#encryption} - -!!! warning - - Encryption was removed in [paperless-ng 0.9](changelog.md#paperless-ng-090) - because it did not really provide any additional security, the passphrase - was stored in a configuration file on the same system as the documents. - Furthermore, the entire text content of the documents is stored plain in - the database, even if your documents are encrypted. Filenames are not - encrypted as well. Finally, the web server provides transparent access to - your encrypted documents. - - Consider running paperless on an encrypted filesystem instead, which - will then at least provide security against physical hardware theft. - -#### Enabling encryption - -Enabling encryption is no longer supported. - -#### Disabling encryption - -Basic usage to disable encryption of your document store: - -(Note: If `PAPERLESS_PASSPHRASE` isn't set already, you need to specify -it here) - -``` -decrypt_documents [--passphrase SECR3TP4SSPHRA$E] -``` - ### Detecting duplicates {#fuzzy_duplicate} Paperless already catches and prevents upload of exactly matching documents, diff --git a/docs/migration.md b/docs/migration.md index 2ef850cbe..1c934e6df 100644 --- a/docs/migration.md +++ b/docs/migration.md @@ -17,3 +17,9 @@ separating the directory ignore from the file ignore. | `CONSUMER_POLLING_RETRY_COUNT` | _Removed_ | Automatic with stability tracking | | `CONSUMER_IGNORE_PATTERNS` | [`CONSUMER_IGNORE_PATTERNS`](configuration.md#PAPERLESS_CONSUMER_IGNORE_PATTERNS) | **Now regex, not fnmatch**; user patterns are added to (not replacing) default ones | | _New_ | [`CONSUMER_IGNORE_DIRS`](configuration.md#PAPERLESS_CONSUMER_IGNORE_DIRS) | Additional directories to ignore; user entries are added to (not replacing) defaults | + +## Encryption Support + +Document and thumbnail encryption is no longer supported. This was previously deprecated in [paperless-ng 0.9.3](https://github.com/paperless-ngx/paperless-ngx/blob/dev/docs/changelog.md#paperless-ng-093) + +Users must decrypt their document using the `decrypt_documents` command before upgrading.