No project description provided
Project description
Django Secured Fields
Django encrypted fields with search enabled.
Features
- Automatically encrypt/decrypt field value using cryptography's Fernet
- Built-in search lookup on the encrypted fields from hashlib's SHA-256 hash value.
inandisnulllookup also supported. - Supports most of available Django fields including
BinaryField,JSONField, andFileField.
Installation
pip install django-secured-fields
Setup
-
Add
secured_fieldsintoINSTALLED_APPS# settings.py INSTALLED_APPS = [ ... 'secured_fields', ]
-
Generate a new key using for encryption
$ python manage.py generate_key KEY: TtY8MAeXuhdKDd1HfGUwim-vQ8H7fXyRQ9J8pTi_-lg= HASH_SALT: 500d492e
-
Put generated key(s) and hash salt in settings
# settings.py SECURED_FIELDS_KEY = 'TtY8MAeXuhdKDd1HfGUwim-vQ8H7fXyRQ9J8pTi_-lg=' # or multiple keys for rotation SECURED_FIELDS_KEY = [ 'TtY8MAeXuhdKDd1HfGUwim-vQ8H7fXyRQ9J8pTi_-lg=', '...', ] # optional SECURED_FILDS_HASH_SALT = '500d492e'
Usage
Simple Usage
# models.py
import secured_fields
phone_number = secured_fields.EncryptedCharField(max_length=10)
Enable Searching
# models.py
import secured_fields
id_card_number = secured_fields.EncryptedCharField(max_length=18, searchable=True)
Supported Fields
EncryptedBinaryFieldEncryptedBooleanFieldEncryptedCharFieldEncryptedDateFieldEncryptedDateTimeFieldEncryptedDecimalFieldEncryptedFileFieldEncryptedImageFieldEncryptedIntegerFieldEncryptedJSONFieldEncryptedTextField
Settings
| Key | Required | Default | Description |
|---|---|---|---|
SECURED_FIELDS_KEY |
Yes | Key(s) for using in encryption/decryption with Fernet. Usually generated from python manage.py generate_key. For rotation keys, use a list of keys instead (see MultiFernet). |
|
SECURED_FIELDS_HASH_SALT |
No | '' |
Salt to append after the field value before hashing. Usually generated from python manage.py generate_key. |
SECURED_FIELDS_FILE_STORAGE |
No | 'secured_fields.storage.EncryptedFileSystemStorage' |
File storage class used for storing encrypted file/image fields. See EncryptedStorageMixin |
APIs
Field Arguments
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
searchable |
bool |
No | False |
Enable search function |
Encryption
> from secured_fields.fernet import get_fernet
> data = b'test'
> encrypted_data = get_fernet().encrypt(data)
> encrypted_data
b'gAAAAABh2_Ry_thxLTuFFXeMc9hNttah82979JPuMSjnssRB0DmbgwdtEU5dapBgISOST_a_egDc66EG_ZtVu_EqF_69djJwuA=='
> get_fernet().decrypt(encrypted_data)
b'test'
Rotate Keys
> from secured_fields.fernet import get_fernet
> encrypted_data = get_fernet().encrypt(b'test')
> encrypted_data
b'gAAAAABh2_Ry_thxLTuFFXeMc9hNttah82979JPuMSjnssRB0DmbgwdtEU5dapBgISOST_a_egDc66EG_ZtVu_EqF_69djJwuA=='
> rotated_encrypted_data = get_fernet().rotate(encrypted_data)
> get_fernet().decrypt(rotated_encrypted_data)
b'test'
See more details in MultiFernet.rotate.
EncryptedMixin
If you have a field which is not supported by the package, you can use EncryptedMixin to enable encryption and search functionality for that custom field.
import secured_fields
from django.db import models
class EncryptedUUIDField(secured_fields.EncryptedMixin, models.UUIDField):
pass
task_id = EncryptedUUIDField(searchable=True)
EncryptedStorageMixin
If you use a custom file storage class (e.g. defined in settings.py's DEFAULT_FILE_STORAGE), you can enable file encryption using EncryptedStorageMixin.
import secured_fields
from minio_storage.storage import MinioMediaStorage
class EncryptedMinioMediaStorage(
secured_fields.EncryptedStorageMixin,
MinioMediaStorage,
):
pass
Known Limitation
inlookup onJSONFieldis not available- Large files are not performance-friendly at the moment (see #2)
- Search on
BinaryFielddoes not supported at the moment (see #6) - Changing
searchablevalue in a field with the records in the database is not supported (see #7)
Development
Requirements
- Docker
- Poetry
- MySQL Client
brew install mysql-clientecho 'export PATH="/usr/local/opt/mysql-client/bin:$PATH"' >> ~/.bash_profile
Running Project
-
Start backend databases
make up-db -
Run tests (see: Testing)
Linting
make lint
Testing
make test-pg # or make test-mysql, make test-sqlite
Fix Formatting
make yapf
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django_secured_fields-0.4.4.tar.gz.
File metadata
- Download URL: django_secured_fields-0.4.4.tar.gz
- Upload date:
- Size: 9.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.10.15 Linux/6.5.0-1025-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8a2edcbf8b3efaf89a592caf748b80f8f38a7c253ec45d7526bf345380aca3ad |
|
| MD5 | a1a29fbda8df484430a5c5a4bfbfd784 |
|
| BLAKE2b-256 | 10243d1e6587ed934165e4c21e9bfcc5e707ee250ffcb7aae9993d82d17fb3c6 |
File details
Details for the file django_secured_fields-0.4.4-py3-none-any.whl.
File metadata
- Download URL: django_secured_fields-0.4.4-py3-none-any.whl
- Upload date:
- Size: 10.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.10.15 Linux/6.5.0-1025-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7cb613587b52976f6771a8190f46219d5357955e220d8d7ae4a6b5fc7f4503ff |
|
| MD5 | 994aa5723695d092090c30f6742cd1fe |
|
| BLAKE2b-256 | 59aad6c7565e7842bcd97883d282b8356855b319116eaab6de0ed06b57d55632 |
