Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(flags-hackathon): Encrypted payloads on remote config feature flags #27414

Open
wants to merge 130 commits into
base: master
Choose a base branch
from
Open

feat(flags-hackathon): Encrypted payloads on remote config feature flags #27414

wants to merge 130 commits into from
+624 −124

Conversation

havenbarnes
Copy link
Contributor

@havenbarnes havenbarnes commented Jan 9, 2025
edited
Loading

Problem

Follow-up to #27376 - adds support for encrypted payloads

Changes

Demo:
https://drive.google.com/file/d/1punn1c1yV2CXhsJ4ajelh89Mndqvz64n/view

  • Adds UX (for remote config flags only) allowing users to mark payloads as needing to be encrypted
  • Adds backend support for encrypting payloads on create / update, and for decrypting (or redacting) encrypted payloads on retrieve and list calls
  • Adds new endpoint GET .../feature_flags/:flagId/remote_config for fetching decrypted payload values when authenticated with personal API key
  • Adds "Remote config" as a filter option on the all feature flags table

Does this work well for both Cloud and self-hosted?

No differences

How did you test this code?

Added visual regression tests, will add/update API tests as well

@havenbarnes havenbarnes changed the base branch from master to config-flags January 9, 2025 19:13
@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

2 snapshot changes in total. 0 added, 2 modified, 0 deleted:

  • chromium: 0 added, 2 modified, 0 deleted (diff for shard 1)
  • webkit: 0 added, 0 modified, 0 deleted

Triggered by this commit.

👉 Review this PR's diff of snapshots.

@havenbarnes havenbarnes changed the title feat(flags-hackathon): Enabled simple remote config feature flags feat(flags-hackathon): Encrypted payloads on remote config feature flags Jan 10, 2025
@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

1 snapshot changes in total. 0 added, 1 modified, 0 deleted:

  • chromium: 0 added, 1 modified, 0 deleted (diff for shard 1)
  • webkit: 0 added, 0 modified, 0 deleted

Triggered by this commit.

👉 Review this PR's diff of snapshots.

@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

1 snapshot changes in total. 0 added, 1 modified, 0 deleted:

  • chromium: 0 added, 1 modified, 0 deleted (diff for shard 1)
  • webkit: 0 added, 0 modified, 0 deleted

Triggered by this commit.

👉 Review this PR's diff of snapshots.

@havenbarnes havenbarnes marked this pull request as ready for review February 3, 2025 17:22
@havenbarnes havenbarnes mentioned this pull request Feb 3, 2025
Open
greptile-apps[bot]
greptile-apps bot reviewed Feb 3, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

I'll provide a concise summary of the key changes in this PR for adding encrypted payloads to remote config feature flags:

Added support for encrypting sensitive payload data in remote configuration feature flags, with a focus on secure access through personal API keys.

  • Added new has_encrypted_payloads field to feature flag model with corresponding UI controls and database migration
  • Added encryption/decryption helpers in encrypted_flag_payloads.py for secure payload handling
  • Added new /remote_config endpoint for fetching decrypted values when authenticated with personal API key
  • Limited encrypted payload support to API SDK initially (with plans to add Node.js, Python, Go, Ruby later)
  • Added "Remote config" filter option in feature flags table for better discoverability

The changes are well-structured across frontend and backend with proper validation and access control in place.

18 file(s) reviewed, 11 comment(s)
Edit PR Review Bot Settings | Greptile

frontend/src/scenes/feature-flags/FeatureFlagInstructions.tsx Outdated Show resolved Hide resolved
frontend/src/scenes/feature-flags/FeatureFlagSnippets.tsx Show resolved Hide resolved
posthog/api/feature_flag.py Show resolved Hide resolved
posthog/api/feature_flag.py Show resolved Hide resolved
posthog/api/feature_flag.py Outdated Show resolved Hide resolved
posthog/helpers/encrypted_flag_payloads.py Outdated Show resolved Hide resolved
posthog/helpers/encrypted_flag_payloads.py Show resolved Hide resolved
posthog/migrations/0559_encrypt_feature_flag_config.py Outdated Show resolved Hide resolved
frontend/src/scenes/feature-flags/FeatureFlag.tsx Show resolved Hide resolved
frontend/src/scenes/feature-flags/FeatureFlag.tsx Outdated Show resolved Hide resolved
@dmarticus dmarticus mentioned this pull request Feb 5, 2025
Open
dmarticus
dmarticus reviewed Feb 7, 2025
View reviewed changes
Copy link
Contributor

@dmarticus dmarticus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few additional questions on top of greptile yapping (tbh I think the greptile yaps were mostly pretty good; what a neat tool)

frontend/src/scenes/feature-flags/FeatureFlagCodeOptions.tsx Outdated Show resolved Hide resolved
frontend/src/scenes/feature-flags/FeatureFlagSnippets.tsx Show resolved Hide resolved
frontend/src/scenes/feature-flags/__mocks__/feature_flags.json Show resolved Hide resolved
dmarticus
dmarticus reviewed Feb 7, 2025
View reviewed changes
Copy link
Contributor

@dmarticus dmarticus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few additional questions on top of greptile yapping (tbh I think the greptile yaps were mostly pretty good; what a neat tool)

havenbarnes and others added 11 commits February 10, 2025 12:45
@havenbarnes
Merge branch 'master' of https://github.com/PostHog/posthog into encr…
aa844e4 
…ypted-config-flags
@havenbarnes
update migration script
700605b
@havenbarnes @greptile-apps
Update frontend/src/scenes/feature-flags/FeatureFlagInstructions.tsx
f7459af 
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@havenbarnes @greptile-apps
Update posthog/api/feature_flag.py
a665b64 
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@havenbarnes @greptile-apps
Update posthog/helpers/encrypted_flag_payloads.py
f0c1d42 
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@havenbarnes
Clean up + address comments
6f83e7e
@havenbarnes
Merge branch 'master' of https://github.com/PostHog/posthog into encr…
7b19d74 
…ypted-config-flags
@havenbarnes
Merge branch 'master' of https://github.com/PostHog/posthog into encr…
405e17c 
…ypted-config-flags
@havenbarnes
Merge branch 'encrypted-config-flags' of https://github.com/PostHog/p…
b332c8f 
…osthog into encrypted-config-flags
@github-actions
Update UI snapshots for chromium (1)
3271dbc
@github-actions
Update UI snapshots for chromium (2)
86cefaf
@posthog-bot
Copy link
Contributor

📸 UI snapshots have been updated

7 snapshot changes in total. 0 added, 7 modified, 0 deleted:

Triggered by this commit.

👉 Review this PR's diff of snapshots.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@dmarticus dmarticus Awaiting requested review from dmarticus

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@havenbarnes @posthog-bot @dmarticus