sqlalchemy.dialects.sqlite.pysqlcipher

Driver

Current dialect selection logic is:

If the :paramref:`_sa.create_engine.module` parameter supplies a DBAPI module, that module is used.
Otherwise for Python 3, choose https://pypi.org/project/sqlcipher3/
If not available, fall back to https://pypi.org/project/pysqlcipher3/
For Python 2, https://pypi.org/project/pysqlcipher/ is used.

Warning

The pysqlcipher3 and pysqlcipher DBAPI drivers are no longer maintained; the sqlcipher3 driver as of this writing appears to be current. For future compatibility, any pysqlcipher-compatible DBAPI may be used as follows:

import sqlcipher_compatible_driver

from sqlalchemy import create_engine

e = create_engine(
    "sqlite+pysqlcipher://:password@/dbname.db",
    module=sqlcipher_compatible_driver
)

These drivers make use of the SQLCipher engine. This system essentially introduces new PRAGMA commands to SQLite which allows the setting of a passphrase and other encryption parameters, allowing the database file to be encrypted.

Connect Strings

The format of the connect string is in every way the same as that of the ~sqlalchemy.dialects.sqlite.pysqlite driver, except that the "password" field is now accepted, which should contain a passphrase:

e = create_engine('sqlite+pysqlcipher://:testing@/foo.db')

For an absolute file path, two leading slashes should be used for the database name:

e = create_engine('sqlite+pysqlcipher://:testing@//path/to/foo.db')

A selection of additional encryption-related pragmas supported by SQLCipher as documented at https://www.zetetic.net/sqlcipher/sqlcipher-api/ can be passed in the query string, and will result in that PRAGMA being called for each new connection. Currently, cipher, kdf_iter cipher_page_size and cipher_use_hmac are supported:

e = create_engine('sqlite+pysqlcipher://:testing@/foo.db?cipher=aes-256-cfb&kdf_iter=64000')

Warning

Previous versions of sqlalchemy did not take into consideration the encryption-related pragmas passed in the url string, that were silently ignored. This may cause errors when opening files saved by a previous sqlalchemy version if the encryption options do not match.

Pooling Behavior

The driver makes a change to the default pool behavior of pysqlite as described in :ref:`pysqlite_threading_pooling`. The pysqlcipher driver has been observed to be significantly slower on connection than the pysqlite driver, most likely due to the encryption overhead, so the dialect here defaults to using the .SingletonThreadPool implementation, instead of the .NullPool pool used by pysqlite. As always, the pool implementation is entirely configurable using the :paramref:`_sa.create_engine.poolclass` parameter; the . StaticPool may be more feasible for single-threaded use, or .NullPool may be used to prevent unencrypted connections from being held open for long periods of time, at the expense of slower startup time for new connections.