Breaking: Remove support for document and thumbnail encryption (#11850)

2026-01-26 22:49:01 -06:00 · 2026-01-24 19:29:54 -08:00
parent 4271812c2d
commit d0032c18be
27 changed files with 57 additions and 460 deletions
--- a/src/paperless/db.py
+++ b/src/paperless/db.py
@@ -1,17 +0,0 @@
-import gnupg
-from django.conf import settings
-
-
-class GnuPG:
-    """
-    A handy singleton to use when handling encrypted files.
-    """
-
-    gpg = gnupg.GPG(gnupghome=settings.GNUPG_HOME)
-
-    @classmethod
-    def decrypted(cls, file_handle, passphrase=None):
-        if not passphrase:
-            passphrase = settings.PASSPHRASE
-
-        return cls.gpg.decrypt_file(file_handle, passphrase=passphrase).data
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -1203,19 +1203,6 @@ EMAIL_PARSE_DEFAULT_LAYOUT = __get_int(
    1,  # MailRule.PdfLayout.TEXT_HTML but that can't be imported here
 )

-# Pre-2.x versions of Paperless stored your documents locally with GPG
-# encryption, but that is no longer the default.  This behaviour is still
-# available, but it must be explicitly enabled by setting
-# `PAPERLESS_PASSPHRASE` in your environment or config file.  The default is to
-# store these files unencrypted.
-#
-# Translation:
-# * If you're a new user, you can safely ignore this setting.
-# * If you're upgrading from 1.x, this must be set, OR you can run
-#   `./manage.py change_storage_type gpg unencrypted` to decrypt your files,
-#   after which you can unset this value.
-PASSPHRASE = os.getenv("PAPERLESS_PASSPHRASE")
-
 # Trigger a script after every successful document consumption?
 PRE_CONSUME_SCRIPT = os.getenv("PAPERLESS_PRE_CONSUME_SCRIPT")
 POST_CONSUME_SCRIPT = os.getenv("PAPERLESS_POST_CONSUME_SCRIPT")