Django Cryptographic Fields
.. image:: https://circleci.com/gh/foundertherapy/django-cryptographic-fields.png
``django-cryptographic-fields`` is set of fields that wrap standard Django
fields with encryption provided by the python cryptography library. These
fields are much more compatible with a 12-factor design since they take their
encryption key from the settings file instead of a file on disk used by
While keyczar is an excellent tool to use for encryption, it's not compatible
with Python 3, and it requires, for hosts like Heroku, that you either check
your key file into your git repository for deployment, or implement manual
post-deployment processing to write the key stored in an environment variable
into a file that keyczar can read.
$ pip install django-cryptographic-fields
Add "cryptographic_fields" to your INSTALLED_APPS setting like this:
INSTALLED_APPS = (
``django-cryptographic-fields`` expects the encryption key to be specified
using ``FIELD_ENCRYPTION_KEY`` in your project's ``settings.py`` file. For
example, to load it from the local environment:
FIELD_ENCRYPTION_KEY = os.environ.get('FIELD_ENCRYPTION_KEY', '')
To use an encrypted field in a Django model, use one of the fields from the
from cryptographic_fields.fields import EncryptedCharField
encrypted_char_field = EncryptedCharField(max_length=100)
For fields that require ``max_length`` to be specified, the ``Encrypted``
variants of those fields will automatically increase the size of the database
field to hold the encrypted form of the content. For example, a 3 character
CharField will automatically specify a database field size of 100 characters
when ``EncryptedCharField(max_length=3)`` is specified.
Due to the nature of the encrypted data, filtering by values contained in
encrypted fields won't work properly. Sorting is also not supported.
Generating an Encryption Key
There is a Django management command ``generate_encryption_key`` provided
with the ``cryptographic_fields`` library. Use this command to generate a new
encryption key to set as ``settings.FIELD_ENCRYPTION_KEY``.
Running this command will print an encryption key to the terminal, which can
be configured in your environment or settings file.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.