django-fernet-encrypted-fields/README.md

[![Pypi Package](https://badge.fury.io/py/django-fernet-encrypted-fields.png)](http://badge.fury.io/py/django-fernet-encrypted-fields)
[![Jazzband](https://jazzband.co/static/img/badge.svg)](https://jazzband.co/)

### Django Fernet Encrypted Fields

This package was created as a successor to [django-encrypted-fields](https://github.com/defrex/django-encrypted-fields).

#### Getting Started

```shell
$ pip install django-fernet-encrypted-fields
```

In your `settings.py`, set random SALT_KEY

```python
SALT_KEY = '0123456789abcdefghijklmnopqrstuvwxyz'
```

Then, in `models.py`

```python
from encrypted_fields.fields import EncryptedTextField

class MyModel(models.Model):
    text_field = EncryptedTextField()
```

Use your model as normal and your data will be encrypted in the database.

#### Rotating SALT keys

You can rotate salt keys by turning the `SALT_KEY` settings.py entry into a list. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible

```python
SALT_KEY = [
    'zyxwvutsrqponmlkjihgfedcba9876543210',
    '0123456789abcdefghijklmnopqrstuvwxyz'
]
```

To generate a new `SECRET_KEY`, you can use Django's `get_random_secret_key` function.

```python
from django.core.management.utils import get_random_secret_key

new_secret_key = get_random_secret_key()
print(new_secret_key)
```

#### Rotating SECRET_KEY

When you would want to rotate your `SECRET_KEY`, set the new value and put your old secret key value to `SECRET_KEY_FALLBACKS` list. That way the existing encrypted fields will still work, but when you re-save the field or create new record, it will be encrypted with the new secret key. (supported in Django >=4.1)

```python
SECRET_KEY = "new-key"
SECRET_KEY_FALLBACKS = ["old-key"]
```

If you wish to update the existing encrypted records simply load and re-save the models to use the new key.

```python
for obj in MyModel.objects.all():
    obj.save()
```

#### Available Fields

Currently built-in and unit-tested fields include the following.
They have the same APIs as their non-encrypted counterparts.

- `EncryptedCharField`
- `EncryptedTextField`
- `EncryptedDateTimeField`
- `EncryptedIntegerField`
- `EncryptedFloatField`
- `EncryptedEmailField`
- `EncryptedBooleanField`
- `EncryptedJSONField`

### Compatible Django Version

| Compatible Django Version | Specifically tested | Python Version Required |
| ------------------------- | ------------------- | ----------------------- |
| `3.2`                     |                     | 3.8+                    |
| `4.0`                     |                     | 3.8+                    |
| `4.1`                     |                     | 3.8+                    |
| `4.2`                     | :heavy_check_mark:  | 3.8+                    |
| `5.0`                     |                     | 3.10+                   |
| `5.1`                     | :heavy_check_mark:  | 3.10+                   |
| `5.2`                     | :heavy_check_mark:  | 3.10+                   |
| `6.0`                     | :heavy_check_mark:  | 3.12+                   |

### Contributing

See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to this project.
first commit 2021-09-30 14:27:19 +00:00			`[![Pypi Package](https://badge.fury.io/py/django-fernet-encrypted-fields.png)](http://badge.fury.io/py/django-fernet-encrypted-fields)`
Update README.md 2023-07-31 08:12:14 +00:00			`[![Jazzband](https://jazzband.co/static/img/badge.svg)](https://jazzband.co/)`
first commit 2021-09-30 14:27:19 +00:00
			`### Django Fernet Encrypted Fields`

			`This package was created as a successor to [django-encrypted-fields](https://github.com/defrex/django-encrypted-fields).`

			`#### Getting Started`
Add pre-commit config and fix for it 2025-01-06 02:38:01 +00:00
first commit 2021-09-30 14:27:19 +00:00			```shell
			`$ pip install django-fernet-encrypted-fields`
			```
Add pre-commit config and fix for it 2025-01-06 02:38:01 +00:00
first commit 2021-09-30 14:27:19 +00:00			In your `settings.py`, set random SALT_KEY
Add pre-commit config and fix for it 2025-01-06 02:38:01 +00:00
first commit 2021-09-30 14:27:19 +00:00			```python
			`SALT_KEY = '0123456789abcdefghijklmnopqrstuvwxyz'`
			```
Updated README.md with rotating SALT documentation I've updated the README.md file with an explanation on how to config the multiple SALTs and how to update all records within a model that uses encrypted fields. 2021-12-10 11:11:12 +00:00
first commit 2021-09-30 14:27:19 +00:00			Then, in `models.py`
Add pre-commit config and fix for it 2025-01-06 02:38:01 +00:00
first commit 2021-09-30 14:27:19 +00:00			```python
			`from encrypted_fields.fields import EncryptedTextField`

			`class MyModel(models.Model):`
			`text_field = EncryptedTextField()`
			```
Add pre-commit config and fix for it 2025-01-06 02:38:01 +00:00
first commit 2021-09-30 14:27:19 +00:00			`Use your model as normal and your data will be encrypted in the database.`

Updated README.md with rotating SALT documentation I've updated the README.md file with an explanation on how to config the multiple SALTs and how to update all records within a model that uses encrypted fields. 2021-12-10 11:11:12 +00:00			`#### Rotating SALT keys`
Add pre-commit config and fix for it 2025-01-06 02:38:01 +00:00
			You can rotate salt keys by turning the `SALT_KEY` settings.py entry into a list. The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible
Updated README.md with rotating SALT documentation I've updated the README.md file with an explanation on how to config the multiple SALTs and how to update all records within a model that uses encrypted fields. 2021-12-10 11:11:12 +00:00
			```python
			`SALT_KEY = [`
			`'zyxwvutsrqponmlkjihgfedcba9876543210',`
			`'0123456789abcdefghijklmnopqrstuvwxyz'`
			`]`
			```

Jazzband Contributing Guide (#37) * remove non-tested django versions from the list of tested versions in the readme * add snippet on generating SECRET_KEYs * add contributing readme * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add file filter for github actions lint-and-test workflow * add path filters for the lint and test github actions workflow * use path-ignore instead of path for file filters --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2026-03-16 12:14:12 +00:00			To generate a new `SECRET_KEY`, you can use Django's `get_random_secret_key` function.

			```python
			`from django.core.management.utils import get_random_secret_key`

			`new_secret_key = get_random_secret_key()`
			`print(new_secret_key)`
			```

Updated README - added paragraph about rotating secret key 2025-02-18 14:36:46 +00:00			`#### Rotating SECRET_KEY`

			When you would want to rotate your `SECRET_KEY`, set the new value and put your old secret key value to `SECRET_KEY_FALLBACKS` list. That way the existing encrypted fields will still work, but when you re-save the field or create new record, it will be encrypted with the new secret key. (supported in Django >=4.1)
Updated README.md with rotating SALT documentation I've updated the README.md file with an explanation on how to config the multiple SALTs and how to update all records within a model that uses encrypted fields. 2021-12-10 11:11:12 +00:00
Updated README - added paragraph about rotating secret key 2025-02-18 14:36:46 +00:00			```python
			`SECRET_KEY = "new-key"`
			`SECRET_KEY_FALLBACKS = ["old-key"]`
Updated README.md with rotating SALT documentation I've updated the README.md file with an explanation on how to config the multiple SALTs and how to update all records within a model that uses encrypted fields. 2021-12-10 11:11:12 +00:00			```
Updated README - added paragraph about rotating secret key 2025-02-18 14:36:46 +00:00
			`If you wish to update the existing encrypted records simply load and re-save the models to use the new key.`

			```python
Fix version and typo 2025-02-21 03:00:53 +00:00			`for obj in MyModel.objects.all():`
Updated README.md with rotating SALT documentation I've updated the README.md file with an explanation on how to config the multiple SALTs and how to update all records within a model that uses encrypted fields. 2021-12-10 11:11:12 +00:00			`obj.save()`
			```

first commit 2021-09-30 14:27:19 +00:00			`#### Available Fields`

Jazzband Contributing Guide (#37) * remove non-tested django versions from the list of tested versions in the readme * add snippet on generating SECRET_KEYs * add contributing readme * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add file filter for github actions lint-and-test workflow * add path filters for the lint and test github actions workflow * use path-ignore instead of path for file filters --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2026-03-16 12:14:12 +00:00			`Currently built-in and unit-tested fields include the following.`
			`They have the same APIs as their non-encrypted counterparts.`
first commit 2021-09-30 14:27:19 +00:00
			- `EncryptedCharField`
			- `EncryptedTextField`
			- `EncryptedDateTimeField`
			- `EncryptedIntegerField`
			- `EncryptedFloatField`
			- `EncryptedEmailField`
			- `EncryptedBooleanField`
Add support for encrypted JSON fields 2023-07-18 04:55:25 +00:00			- `EncryptedJSONField`
first commit 2021-09-30 14:27:19 +00:00
			`### Compatible Django Version`

django 6 compatibility 2025-12-29 20:10:43 +00:00			`\| Compatible Django Version \| Specifically tested \| Python Version Required \|`
			`\| ------------------------- \| ------------------- \| ----------------------- \|`
Jazzband Contributing Guide (#37) * remove non-tested django versions from the list of tested versions in the readme * add snippet on generating SECRET_KEYs * add contributing readme * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add file filter for github actions lint-and-test workflow * add path filters for the lint and test github actions workflow * use path-ignore instead of path for file filters --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2026-03-16 12:14:12 +00:00			\| `3.2` \| \| 3.8+ \|
			\| `4.0` \| \| 3.8+ \|
			\| `4.1` \| \| 3.8+ \|
django 6 compatibility 2025-12-29 20:10:43 +00:00			\| `4.2` \| :heavy_check_mark: \| 3.8+ \|
Jazzband Contributing Guide (#37) * remove non-tested django versions from the list of tested versions in the readme * add snippet on generating SECRET_KEYs * add contributing readme * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add file filter for github actions lint-and-test workflow * add path filters for the lint and test github actions workflow * use path-ignore instead of path for file filters --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2026-03-16 12:14:12 +00:00			\| `5.0` \| \| 3.10+ \|
django 6 compatibility 2025-12-29 20:10:43 +00:00			\| `5.1` \| :heavy_check_mark: \| 3.10+ \|
			\| `5.2` \| :heavy_check_mark: \| 3.10+ \|
			\| `6.0` \| :heavy_check_mark: \| 3.12+ \|
Jazzband Contributing Guide (#37) * remove non-tested django versions from the list of tested versions in the readme * add snippet on generating SECRET_KEYs * add contributing readme * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add file filter for github actions lint-and-test workflow * add path filters for the lint and test github actions workflow * use path-ignore instead of path for file filters --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2026-03-16 12:14:12 +00:00
			`### Contributing`

			`See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to this project.`