Overview

Encrypting sensitive data (tokens, keys, credit card numbers) at rest is crucial to prevent data breaches. Flet provides utility methods for symmetric encryption and decryption of text data.

Algorithm

  • Uses the Fernet implementation from the cryptography package (AES 128 with hardening).
  • Derives the encryption key from a user passphrase using PBKDF2.

Secret Key

  • An arbitrary password-like string used for encryption/decryption.
  • Used to derive a 32-byte encryption key.
  • **Security Warning:** Do not embed secrets directly in source code.
  • **Recommended Usage:** Provide via environment variables.

      import os
      secret_key = os.getenv("MY_APP_SECRET_KEY")

  • **Environment Variable Setup:**

      export MY_APP_SECRET_KEY=""

  • **Alternative Methods:** Secrets can also be injected via mounted secret files or vault services.

Encryption

  • Use the flet.security.encrypt() method.
  • Accepts a plain text string and the secret key.
  • Returns a URL-safe base64-encoded string.
  • **Input Constraint:** Accepts strings only. Non-string objects must be serialized (e.g., to JSON) before encryption.

      import os
      from flet.security import encrypt

      # Read the passphrase from the environment, never from source code.
      secret_key = os.getenv("MY_APP_SECRET_KEY")
      plain_text = "This is a secret message!"
      encrypted_data = encrypt(plain_text, secret_key)

Decryption

  • Use the flet.security.decrypt() method.
  • Accepts the encrypted data (URL-safe base64 string) and the secret key.
  • Returns the original plain text string.

      import os
      from flet.security import decrypt

      # The same passphrase that was used for encryption is required here.
      secret_key = os.getenv("MY_APP_SECRET_KEY")
      encrypted_data = "..."
      plain_text = decrypt(encrypted_data, secret_key)
      print(plain_text)
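
The scheme described under Algorithm (passphrase, PBKDF2, 32-byte key, Fernet), combined with the JSON serialization step from Encryption, written directly against the cryptography package. This is an added example, not Flet's own implementation; the names seal and unseal, the iteration count, the random per-message salt and the "salt.token" layout are assumptions made for this example.

```python
import base64
import json
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

ITERATIONS = 600_000  # assumption: PBKDF2-HMAC-SHA256 work factor chosen for this example
SALT_LEN = 16         # assumption: random salt per message, stored next to the token


def _fernet(passphrase: str, salt: bytes) -> Fernet:
    """Derive a 32-byte key from the passphrase with PBKDF2 and build a Fernet cipher."""
    if not passphrase:  # os.getenv() returns None when the variable is unset
        raise ValueError("secret key is missing or empty")
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=ITERATIONS)
    return Fernet(base64.urlsafe_b64encode(kdf.derive(passphrase.encode("utf-8"))))


def seal(obj, passphrase: str) -> str:
    """Serialize obj to JSON, encrypt it, and return a URL-safe base64 string."""
    salt = os.urandom(SALT_LEN)
    token = _fernet(passphrase, salt).encrypt(json.dumps(obj).encode("utf-8"))
    return base64.urlsafe_b64encode(salt).decode("ascii") + "." + token.decode("ascii")


def unseal(sealed: str, passphrase: str):
    """Return the original object; raise ValueError on a wrong key or altered data."""
    try:
        salt_b64, token = sealed.split(".", 1)
        salt = base64.urlsafe_b64decode(salt_b64)
        plain = _fernet(passphrase, salt).decrypt(token.encode("ascii"))
    except (InvalidToken, ValueError) as exc:
        # Fernet authenticates the token, so tampering and wrong keys both land here.
        raise ValueError("decryption failed") from exc
    return json.loads(plain)


if __name__ == "__main__":
    record = {"card": "4111111111111111", "exp": "12/30"}  # constructed sample data
    sealed = seal(record, "correct horse battery staple")   # constructed passphrase
    print(unseal(sealed, "correct horse battery staple") == record)
```

Because the token is authenticated, a wrong passphrase and a modified ciphertext are indistinguishable to the caller: both raise, and no partial plain text is ever returned.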

Platform Support

  • Python environments where the cryptography package can be installed.

Dependencies

  • cryptography package.