Merge pull request #3 from StevenMapes/patch-1

Updated README.md with rotating SALT documentation
2026-05-18 04:21:13 +00:00 · 2021-12-13 17:34:52 +09:00 · 2021-12-13 17:34:52 +09:00 · 9e84ed92b4
commit 9e84ed92b4
parent 3c9a6b9349 8c39983587
1 changed files with 20 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -14,6 +14,7 @@ In your `settings.py`, set random SALT_KEY
 ```python
 SALT_KEY = '0123456789abcdefghijklmnopqrstuvwxyz'
 ```
+
 Then, in `models.py`
 ```python
 from encrypted_fields.fields import EncryptedTextField
@ -23,6 +24,24 @@ class MyModel(models.Model):
 ```
 Use your model as normal and your data will be encrypted in the database.

+#### Rotating SALT keys
+You can rotate salt keys by turning the ```SALT_KEY``` settings.py entry into a list.  The first key will be used to encrypt all new data, and decryption of existing values will be attempted with all given keys in order. This is useful for key rotation: place a new key at the head of the list for use with all new or changed data, but existing values encrypted with old keys will still be accessible
+
+```python
+SALT_KEY = [
+    'zyxwvutsrqponmlkjihgfedcba9876543210',
+    '0123456789abcdefghijklmnopqrstuvwxyz'
+]
+```
+
+If you wish to update the existing encrypted records simply load and re-save the models to use the new key.
+
+```
+for obj in MuModel.objects.all():
+    obj.save()
+```
+
+
 #### Available Fields

 Currently build in and unit-tested fields. They have the same APIs as their non-encrypted counterparts.
@ -43,4 +62,4 @@ Currently build in and unit-tested fields. They have the same APIs as their non-
 |`3.0`|:heavy_check_mark:|
 |`3.1`|:heavy_check_mark:|
 |`3.2`|:heavy_check_mark:|
-|`4.0`|:heavy_check_mark:|
+|`4.0`|:heavy_check_mark:|