Encrypting sensitive data - Flet

Overview

Encrypting sensitive data (tokens, keys, credit card numbers) at rest is crucial to prevent data breaches. Flet provides utility methods for symmetric encryption and decryption of text data.

Algorithm

Uses Fernet implementation from the cryptography package (AES 128 with hardening).

Derives the encryption key from a user passphrase using PBKDF2.

Secret Key

An arbitrary password-like string used for encryption/decryption.

Used to derive a 32-byte encryption key.

**Security Warning:** Do not embed secrets directly in source code.

**Recommended Usage:** Provide via environment variables.

  import os
  secret_key = os.getenv("MY_APP_SECRET_KEY")

**Environment Variable Setup:**

  export MY_APP_SECRET_KEY=""

**Alternative Methods:** Secrets can also be injected via mounted secret files or vault services.

Encryption

Use the flet.security.encrypt() method.

Accepts plain text string and the secret key.

Returns a URL-safe base64-encoded string.

**Input Constraint:** Accepts strings only. Non-string objects must be serialized (e.g., to JSON) before encryption.

from flet.security import encryptsecret_key = os.getenv("MY_APP_SECRET_KEY")
plain_text = "This is a secret message!"
encrypted_data = encrypt(plain_text, secret_key)

Decryption

Use the flet.security.decrypt() method.

Accepts the encrypted data (URL-safe base64 string) and the secret key.

Returns the original plain text string.

from flet.security import decryptsecret_key = os.getenv("MY_APP_SECRET_KEY")
encrypted_data = "..."
plain_text = decrypt(encrypted_data, secret_key)
print(plain_text)

Platform Support

Python environment where cryptography package can be installed.

Dependencies

cryptography package.

Previous arrow_back Drag and drop

Next Expanding controls arrow_forward