Hopiu/django-fernet-encrypted-fields

mirror of https://github.com/jazzband/django-fernet-encrypted-fields.git synced 2026-03-16 14:30:26 +00:00

No description

Find a file

David Paul Graham 0ff2493f03 Some checks are pending Lint & Test / lint (push) Waiting to run Details Lint & Test / test (4.2, 3.10) (push) Waiting to run Details Lint & Test / test (4.2, 3.11) (push) Waiting to run Details Lint & Test / test (4.2, 3.12) (push) Waiting to run Details Lint & Test / test (4.2, 3.13) (push) Waiting to run Details Lint & Test / test (4.2, 3.14) (push) Waiting to run Details Lint & Test / test (5.1, 3.10) (push) Waiting to run Details Lint & Test / test (5.1, 3.11) (push) Waiting to run Details Lint & Test / test (5.1, 3.12) (push) Waiting to run Details Lint & Test / test (5.1, 3.13) (push) Waiting to run Details Lint & Test / test (5.1, 3.14) (push) Waiting to run Details Lint & Test / test (5.2, 3.10) (push) Waiting to run Details Lint & Test / test (5.2, 3.11) (push) Waiting to run Details Lint & Test / test (5.2, 3.12) (push) Waiting to run Details Lint & Test / test (5.2, 3.13) (push) Waiting to run Details Lint & Test / test (5.2, 3.14) (push) Waiting to run Details Lint & Test / test (6.0, 3.12) (push) Waiting to run Details Lint & Test / test (6.0, 3.13) (push) Waiting to run Details Lint & Test / test (6.0, 3.14) (push) Waiting to run Details Jazzband Contributing Guide (#37 ) * remove non-tested django versions from the list of tested versions in the readme * add snippet on generating SECRET_KEYs * add contributing readme * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add file filter for github actions lint-and-test workflow * add path filters for the lint and test github actions workflow * use path-ignore instead of path for file filters --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>		2026-03-16 08:14:12 -04:00
.github/workflows	Jazzband Contributing Guide (#37 )	2026-03-16 08:14:12 -04:00
encrypted_fields	Fixed getting SECRET_KEY_FALLBACKS for django <4.1	2025-02-18 15:26:33 +01:00
package_test	Added ability to use Django's SECRET_KEY_FALLBACKS to rotate secret key	2025-02-18 15:11:15 +01:00
.gitignore	Jazzband Contributing Guide (#37 )	2026-03-16 08:14:12 -04:00
.pre-commit-config.yaml	[pre-commit.ci] pre-commit autoupdate	2026-03-07 16:16:42 -05:00
CONTRIBUTING.md	Jazzband Contributing Guide (#37 )	2026-03-16 08:14:12 -04:00
LICENCE.txt	Add pre-commit config and fix for it	2025-01-06 11:38:01 +09:00
manage.py	setup github actions with black, flake8, testing and coverage	2022-04-21 14:15:59 +02:00
pyproject.toml	Add pre-commit config and fix for it	2025-01-06 11:38:01 +09:00
README.md	Jazzband Contributing Guide (#37 )	2026-03-16 08:14:12 -04:00
requirements.txt	Update requirements.txt	2025-10-09 12:56:09 +02:00
setup.py	Update setup.py	2025-10-09 12:54:31 +02:00

README.md

Django Fernet Encrypted Fields

This package was created as a successor to django-encrypted-fields.

Getting Started

$ pip install django-fernet-encrypted-fields

In your settings.py, set random SALT_KEY

SALT_KEY = '0123456789abcdefghijklmnopqrstuvwxyz'

Then, in models.py

from encrypted_fields.fields import EncryptedTextField

class MyModel(models.Model):
    text_field = EncryptedTextField()

Use your model as normal and your data will be encrypted in the database.

Rotating SALT keys

You can rotate salt keys by turning the SALT_KEY settings.py entry into a list. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible

SALT_KEY = [
    'zyxwvutsrqponmlkjihgfedcba9876543210',
    '0123456789abcdefghijklmnopqrstuvwxyz'
]

To generate a new SECRET_KEY, you can use Django's get_random_secret_key function.

from django.core.management.utils import get_random_secret_key

new_secret_key = get_random_secret_key()
print(new_secret_key)

Rotating SECRET_KEY

When you would want to rotate your SECRET_KEY, set the new value and put your old secret key value to SECRET_KEY_FALLBACKS list. That way the existing encrypted fields will still work, but when you re-save the field or create new record, it will be encrypted with the new secret key. (supported in Django >=4.1)

SECRET_KEY = "new-key"
SECRET_KEY_FALLBACKS = ["old-key"]

If you wish to update the existing encrypted records simply load and re-save the models to use the new key.

for obj in MyModel.objects.all():
    obj.save()

Available Fields

Currently built-in and unit-tested fields include the following. They have the same APIs as their non-encrypted counterparts.

EncryptedCharField
EncryptedTextField
EncryptedDateTimeField
EncryptedIntegerField
EncryptedFloatField
EncryptedEmailField
EncryptedBooleanField
EncryptedJSONField

Compatible Django Version

Compatible Django Version	Specifically tested	Python Version Required
`3.2`		3.8+
`4.0`		3.8+
`4.1`		3.8+
`4.2`	✔️	3.8+
`5.0`		3.10+
`5.1`	✔️	3.10+
`5.2`	✔️	3.10+
`6.0`	✔️	3.12+

Contributing

See CONTRIBUTING.md for details on how to contribute to this project.