| Availability | Odoo Online, Odoo.sh, On Premise |
| Lines of code | 98 |
| Technical Name | no_pdf_password_protection |
| License | LGPL-3 |
| Website | https://www.oudayet.com |
| Versions | 16.0 17.0 18.0 19.0 |
PDF Password Protection
Encrypt any Odoo PDF report with a password - per report action, per recipient
Odoo 18 FREE GDPR Ready
The Problem
Odoo sends invoices, payslips, and quotations as unprotected PDFs. Anyone who intercepts the email or finds the file on a shared drive can open it.
Without this module
PDFs leave Odoo unencrypted. No password required to open them. Anyone with the file can read sensitive data.
With this module
PDFs are encrypted at render time. Only the recipient who knows the password can open them.
4 Password Modes
Choose how the password is determined - per report action.
Static: Same password for every PDF of this report type. Fits internal documents.
VAT: Password = partner's VAT/tax ID. Each invoice has its own password the customer already knows.
Phone: Password = partner's phone number (spaces stripped). Fits payslips and personal documents.
Email: Password = partner's email. Unique per contact, easy for the recipient to remember.
Every dynamic mode falls back to the static password when the partner field is empty.
Real-World Scenarios
HR emails monthly payslips to each employee. Mode Phone means every payslip is encrypted with the employee's own phone number - something they already know, no extra channel needed to share a password.
Mode VAT: each invoice is locked with the customer's tax ID. The customer already has their VAT on file; no hand-off needed. Meets many GDPR and accounting-compliance expectations out of the box.
Reports that circulate only inside the company. Mode Static with a shared team password keeps the file readable for the finance team but protects it if the file leaks.
Mode Email: the download password is the contact's email address. Recipients never need to look up a password - they type what they already use to log in.
How It Works
Go to Settings > Technical > Reports. Open any report action and tick "Enable PDF Password Protection".
Pick a mode (Static / VAT / Phone / Email). Optionally set a static fallback password used when the partner field is empty.
Every PDF that Odoo renders from that report is encrypted. Recipients need the password to open it.
Installation
Two steps. The Python dependency must be installed first - the module will still install without it, but encryption will silently be a no-op.
Step 1 - server side
Install PyPDF2
Run this on the Odoo server where reports are rendered. pypdf also works as a drop-in replacement.
Step 2 - in Odoo
Install the module
Apps menu → remove the Apps filter → search "PDF Password Protection" → Install. Then open Settings > Technical > Reports to configure individual reports.
Works With Every QWeb PDF Report
Invoices, quotations, delivery slips, payslips, and any custom report you've built yourself.
Dynamic modes (VAT / Phone / Email) resolve the partner from record.partner_id or the record itself if it's a res.partner. For custom models that carry no partner reference, use Static mode or the fallback.
What This Module Doesn't Do
Honest scope matters. Here's exactly what's out of reach.
XLSX, CSV, HTML, and text reports are not encrypted. The override returns them unchanged.
Only the report PDF itself is encrypted. The email body isn't, and neither are other attachments you add manually.
The module doesn't tell the recipient their password. Add a hint ("this is your VAT") to your email template yourself.
Configuration lives on the report action, not on each record. You can't configure "different password for this one invoice".
If no password can be resolved (empty partner field AND no static fallback), the PDF is returned unencrypted. Set a static fallback password if you want a hard guarantee.
If the Python library isn't installed on the Odoo server, the module loads but encryption is a no-op. A warning appears in the log on startup.
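The password modes and the unencrypted fallback described above can be checked before any report is sent. The following is an added example, not the module's source code: it models the stated rules with plain dictionaries and lists every report/partner pair whose PDF would leave unencrypted. The dictionary keys, function names and sample records are assumptions made for illustration.

```python
# Added example: models the password rules described on this page with plain
# dicts. It is not the module's source; field and function names are assumed.
from typing import Optional

# Mode name -> partner field read for the password (field names are assumptions).
MODE_FIELD = {"vat": "vat", "phone": "phone", "email": "email"}


def resolve_password(mode: str, partner: Optional[dict], static_password: str = "") -> Optional[str]:
    """Return the password a report would use, or None if none can be resolved."""
    if mode not in MODE_FIELD and mode != "static":
        raise ValueError(f"unknown mode: {mode!r}")
    value = ""
    if mode in MODE_FIELD and partner:
        value = partner.get(MODE_FIELD[mode]) or ""  # Odoo stores empty fields as False
        if mode == "phone":
            value = value.replace(" ", "")  # only spaces are stripped
    # Static mode, or a dynamic mode whose partner field is empty: fall back.
    return value or static_password or None


def audit_unprotected(reports: list, partners: list) -> list:
    """List (report name, partner name) pairs whose PDF would leave unencrypted."""
    findings = []
    for report in reports:
        if not report["protect"]:
            continue  # protection is not enabled on this report action
        for partner in partners:
            if resolve_password(report["mode"], partner, report.get("static_password", "")) is None:
                findings.append((report["name"], partner["name"]))
    return findings


# Constructed sample data, not taken from any real database.
PARTNERS = [
    {"name": "Acme", "vat": "BE0123456789", "phone": "+32 2 555 01 00", "email": "ap@acme.example"},
    {"name": "NoVat Ltd", "vat": False, "phone": "", "email": "info@novat.example"},
]
REPORTS = [
    {"name": "Invoice", "protect": True, "mode": "vat", "static_password": ""},
    {"name": "Payslip", "protect": True, "mode": "phone", "static_password": "Fallback-1"},
]

if __name__ == "__main__":
    for report_name, partner_name in audit_unprotected(REPORTS, PARTNERS):
        print(f"{report_name}: PDF for {partner_name} would be sent unencrypted")
```

With the sample data, only the invoice for the partner without a VAT number is flagged, because that report has no static fallback password.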
🛡 A Note on PDF Encryption Strength
PDF password protection is convenience crypto, not TLS-grade encryption. It stops a casual viewer with Adobe Reader. It does not stop a determined attacker with time and open-source tools. Use it as a meaningful deterrent and a compliance checkbox (HIPAA, GDPR), not as your only defence. For truly sensitive data, pair it with TLS email transport, access logs, and short retention windows. PyPDF2 uses RC4 / AES-128 depending on the PDF version.
FAQ
The VAT value is used verbatim. Phone numbers get spaces stripped; everything else passes through unchanged.
A few milliseconds per page. For batch prints (50+ invoices), expect about half a second of overhead total. Negligible for most use cases.
The original (unencrypted) PDF is returned and the error is written to the Odoo log. Reports never fail outright - the user gets their document either way. Monitor your logs if this matters to you.
Configuration is per report action, not per recipient. The cleanest workaround is to duplicate the report action and leave one copy unprotected.
The module overrides _render_qweb_pdf, which is stable Odoo API. Every version branch (16.0 / 17.0 / 18.0 / 19.0) ships tests that verify the integration end-to-end on that specific version.
On Odoo.sh yes (you control requirements.txt). On Odoo Online / SaaS, custom Python packages cannot be installed, so this module won't encrypt - use self-hosted or Odoo.sh.
Technical Details
_render_qweb_pdf on ir.actions.report
PDF Password Protection - Free, open source, Odoo 18
© Naim OUDAYET - LGPL-3 License