Add walking up parent directories when loading dotenv files #4147

Open: revolter wants to merge 5 commits into sqlitebrowser:master from revolter:feature/sqlcipher-passwords-walk-parents

revolter (Member) commented Jun 6, 2026

Previously, only a .env file next to the database was checked.
Now parent directories are searched until a matching password entry
is found.

Related-to: 3cdc65a (#1404).

revolter added 5 commits June 6, 2026 18:26
It is used to load the dotenv file.
Previously, only a `.env` file next to the database was checked.
Now parent directories are searched until a matching password entry
is found.

Related-to: 3cdc65a

Copilot AI left a comment

Pull request overview

This PR enhances the SQLCipher “dotenv” auto-unlock flow by extending the .env lookup beyond the database’s directory: it now walks up parent directories until it finds a matching password entry for the database filename. This builds on the earlier dotenv-based encrypted DB opening work referenced in PR #1404.

Changes:

  • Add QSettings include to support reading .env files.
  • Replace single-directory .env lookup with a parent-directory search loop, stopping once a matching password entry is found.

Comment thread src/sqlitedb.cpp
mgrojo (Member) commented Jun 8, 2026

Hi @revolter,
I have mixed feelings about this change. I assume your use case is that you have several database files in subdirectories, and a single .env file applicable to all of them in the parent directory or in the project root. But what happens if we load into memory a .env file which wasn't for us and contains other secrets? I guess nothing very important, besides failing to open the database, but it puts us in a risky situation.

At least, I think this behaviour should be opt-in through a setting in the preferences dialog.
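
The opt-in behaviour raised in this thread, as an added example that is not code from the pull request or the sqlitebrowser project: a parent-directory `.env` search that is off by default, stops at a configured boundary directory, and returns only the entry keyed on the database filename. `DotenvLookup`, `walkParents`, `boundary` and `findPassword` are hypothetical names, the `filename=password` line format is an assumption, and it uses standard C++17 instead of `QSettings`.

```cpp
#include <filesystem>
#include <fstream>
#include <optional>
#include <string>

namespace fs = std::filesystem;

// Hypothetical options: walkParents stands in for the opt-in preference
// suggested in the thread; boundary is an assumed upper limit for the search.
struct DotenvLookup {
    bool walkParents = false;  // off by default: only the database's own directory
    fs::path boundary;         // never read a .env above this directory
};

static std::string trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t\r");
    const auto e = s.find_last_not_of(" \t\r");
    return b == std::string::npos ? std::string() : s.substr(b, e - b + 1);
}

// Scan one .env for "<dbName>=<password>" (assumed format). Non-matching
// lines are skipped and never parsed into a settings object.
static std::optional<std::string> passwordFromFile(const fs::path& env, const std::string& dbName) {
    std::ifstream in(env);
    for (std::string line; std::getline(in, line);) {
        const auto eq = line.find('=');
        if (eq != std::string::npos && trim(line.substr(0, eq)) == dbName)
            return trim(line.substr(eq + 1));
    }
    return std::nullopt;
}

// True when dir is root itself or lies below it.
static bool isWithin(const fs::path& dir, const fs::path& root) {
    const fs::path rel = dir.lexically_relative(root);
    return !rel.empty() && *rel.begin() != fs::path("..");
}

std::optional<std::string> findPassword(const fs::path& dbFile, const DotenvLookup& opt) {
    const std::string dbName = dbFile.filename().string();
    fs::path dir = fs::weakly_canonical(dbFile).parent_path();
    const fs::path stop = opt.boundary.empty() ? dir : fs::weakly_canonical(opt.boundary);
    const bool walk = opt.walkParents && isWithin(dir, stop);  // boundary must be an ancestor
    for (;;) {
        if (auto pw = passwordFromFile(dir / ".env", dbName)) return pw;
        if (!walk || dir == stop || dir == dir.parent_path()) return std::nullopt;
        dir = dir.parent_path();
    }
}
```

With no boundary set, or a boundary that is not an ancestor of the database, the search stays in the database's own directory even when `walkParents` is enabled.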
