From 83194fbf4ce65b4a37a9e938fb1cae00e1324bc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vojt=C4=9Bch=20Oram?= Date: Tue, 18 Feb 2025 15:36:46 +0100 Subject: [PATCH] Updated README - added paragraph about rotating secret key --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9c89443..daf1f81 100644 --- a/README.md +++ b/README.md @@ -39,9 +39,18 @@ SALT_KEY = [ ] ``` +#### Rotating SECRET_KEY + +When you would want to rotate your `SECRET_KEY`, set the new value and put your old secret key value to `SECRET_KEY_FALLBACKS` list. That way the existing encrypted fields will still work, but when you re-save the field or create new record, it will be encrypted with the new secret key. (supported in Django >=4.1) + +```python +SECRET_KEY = "new-key" +SECRET_KEY_FALLBACKS = ["old-key"] +``` + If you wish to update the existing encrypted records simply load and re-save the models to use the new key. -``` +```python for obj in MuModel.objects.all(): obj.save() ```
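Review bot: The new "Rotating SECRET_KEY" paragraph never says when the old key should come out of `SECRET_KEY_FALLBACKS`, so a reader who follows it as written leaves the old key usable for decryption indefinitely. Suggest tying it to the re-save step that already follows: once every record has been loaded and re-saved under the new key, remove the old value from `SECRET_KEY_FALLBACKS`. While the fence on the re-save example is being changed to `python`, note that `MuModel` in the context line `for obj in MuModel.objects.all():` looks like a typo for the model name (perhaps `MyModel`) and could be fixed in the same commit. Wording: "When you would want to rotate" reads better as "To rotate", "put your old secret key value to `SECRET_KEY_FALLBACKS` list" as "add the old value to the `SECRET_KEY_FALLBACKS` list", and the trailing "(supported in Django >=4.1)" is easier to notice at the start of the paragraph than after the final period.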