Alberto-Codes/adk-secure-sessions

adk-secure-sessions

The compliance gateway for Google ADK — add encrypted sessions in 5 minutes.

ADK's built-in session services store all data unencrypted. If your agents handle PHI, PII, or financial data, that's a compliance gap. adk-secure-sessions is an encrypted session service wrapping ADK's DatabaseSessionService that encrypts state and conversation history at rest, so you can close the encryption-at-rest gap without changing your agent code.

Install

pip install adk-secure-sessions

Or with uv:

uv add adk-secure-sessions

2 direct runtime dependencies: google-adk, cryptography.

Quick Start

# Before (ADK default — unencrypted):
from google.adk.sessions import DatabaseSessionService
session_service = DatabaseSessionService(db_url="sqlite+aiosqlite:///sessions.db")

# After (encrypted — swap the import and constructor):
from adk_secure_sessions import EncryptedSessionService, FernetBackend
session_service = EncryptedSessionService(
    db_url="sqlite+aiosqlite:///sessions.db", backend=FernetBackend("your-secret-key")
)

Use session_service exactly like any ADK session service — create_session, get_session, list_sessions, delete_session, and append_event all work the same way. Wrap in async with for automatic cleanup — see Documentation for details.

Migration note (v1.1.0): The constructor API changed from (db_path, backend, backend_id) to (db_url, backend). Existing databases from v1.0.x are incompatible — create a fresh database when upgrading.

What Gets Encrypted

| Data | Encrypted | Rationale |
| --- | --- | --- |
| state values (user_state, app_state, session_state) | Yes | Contains sensitive user/app data |
| events (conversation history) | Yes | Contains user messages, tool outputs, PII |
| session_id, app_name, user_id | No | Needed for lookups and filtering |
| create_time, update_time | No | Needed for expiration/cleanup |
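
One way to check the split in the table above against a database file is to plant canary strings in a session and scan every stored value for them. This is an added example, not code from the project: the two-table schema, the canary values and the random bytes standing in for ciphertext are all constructed assumptions, and the library's real schema may differ.

```python
import json
import os
import sqlite3
import tempfile

def scan_for_plaintext(db_path, canaries):
    """Return sorted (table, column, canary) hits for canaries readable in the file."""
    needles = [(c, c.encode("utf-8")) for c in canaries]
    hits = set()
    con = sqlite3.connect(db_path)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
        con.text_factory = bytes  # read TEXT as raw bytes, same as BLOB
        for table in tables:
            quoted = '"' + table.replace('"', '""') + '"'
            cur = con.execute(f"SELECT * FROM {quoted}")
            cols = [d[0] for d in cur.description]
            for row in cur:
                for col, val in zip(cols, row):
                    if isinstance(val, bytes):
                        hits.update((table, col, c) for c, n in needles if n in val)
    finally:
        con.close()
    return sorted(hits)

def build_sample_db(path, encrypted):
    """Constructed sample with a hypothetical schema (not the library's real one)."""
    state = json.dumps({"diagnosis": "CANARY-PHI-7f3a"}).encode()
    event = json.dumps({"text": "my card is CANARY-PAN-91c2"}).encode()
    if encrypted:  # opaque stand-in for ciphertext, not real encryption
        state, event = os.urandom(len(state)), os.urandom(len(event))
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE sessions (id TEXT, app_name TEXT, user_id TEXT, state BLOB)")
    con.execute("CREATE TABLE events (session_id TEXT, event_data BLOB)")
    con.execute("INSERT INTO sessions VALUES ('s1', 'demo', 'CANARY-UID-alice', ?)", (state,))
    con.execute("INSERT INTO events VALUES ('s1', ?)", (event,))
    con.commit()
    con.close()

def demo():
    canaries = ["CANARY-PHI-7f3a", "CANARY-PAN-91c2", "CANARY-UID-alice"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, enc in (("plain", False), ("encrypted", True)):
            path = os.path.join(tmp, label + ".db")
            build_sample_db(path, enc)
            results[label] = scan_for_plaintext(path, canaries)
    return results
```

The user_id canary is reported in both runs, which matches the table: identifiers stay readable for lookups, so sensitive values should not be placed in session_id, app_name or user_id.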

Examples

See examples/ for runnable scripts. The basic usage example runs a multi-turn ADK agent conversation with Ollama and proves that state and conversation history are encrypted at rest.

uv run python examples/basic_usage.py

Requires OLLAMA_API_BASE in your environment or .env file.
