Package com.axelor.db.converters

Class EncryptedFieldService

java.lang.Object
com.axelor.db.converters.EncryptedFieldService
public class EncryptedFieldService extends Object
The service can be used to migrate all the encrypted field values.

This utility method migrate() can be used to migrate encrypted field values if you want to change encryption algorithm or password or salt.

Following encryption settings will be read from axelor-config.properties for the migration.

  • encryption.old-algorithm the old algorithm, empty if not set previously
  • encryption.old-password the old password, empty if not set previously
and new settings:
  • encryption.algorithm the new algorithm, empty if want to use default
  • encryption.password the new password (required)

  • Constructor Details

    • EncryptedFieldService

      public EncryptedFieldService()

  • Method Details

    • migrate

      public void migrate()
      Migrates all encrypted field values across all models.

      Iterates over every registered model and re-encrypts each encrypted field using the new algorithm and password configured in axelor-config.properties.

      Throws:
      IllegalStateException - if the new encryption password is not configured

    • migrate

      public void migrate(Class<?> model, String... fields)
      Migrates encrypted field values for the given model.

      If no field names are provided, all encrypted fields of the model are migrated. Each value is decrypted using the old encryptor (via the JPA converter) and re-encrypted using the new algorithm and password. Updates are executed in batches via JDBC for efficiency.

      Parameters:
      model - the model class whose encrypted fields should be migrated
      fields - optional list of specific field names to migrate; if empty, all encrypted fields are migrated
      Throws:
      IllegalStateException - if the new encryption password is not configured