Django Secured Fields
Django encrypted fields with search enabled.
Features
- Automatically encrypt/decrypt field value using cryptography's Fernet
- Built-in search lookup on the encrypted fields from hashlib's SHA-256 hash value.
inandisnulllookup also supported. - Supports most of available Django fields including
BinaryField,JSONField, andFileField.
Installation
pip install django-secured-fieldsSetup
-
Add
secured_fieldsintoINSTALLED_APPS# settings.py INSTALLED_APPS = [ ... 'secured_fields', ]
-
Generate a new key using for encryption
$ python manage.py generate_key KEY: TtY8MAeXuhdKDd1HfGUwim-vQ8H7fXyRQ9J8pTi_-lg= HASH_SALT: 500d492e
-
Put generated key and hash salt in settings
# settings.py SECURED_FIELDS_KEY = 'TtY8MAeXuhdKDd1HfGUwim-vQ8H7fXyRQ9J8pTi_-lg=' SECURED_FIELDS_HASH_SALT = '500d492e' # optional
Usage
Simple Usage
# models.py
import secured_fields
phone_number = secured_fields.EncryptedCharField(max_length=10)Enable Searching
# models.py
import secured_fields
id_card_number = secured_fields.EncryptedCharField(max_length=18, searchable=True)Supported Fields
EncryptedBinaryFieldEncryptedBooleanFieldEncryptedCharFieldEncryptedDateFieldEncryptedDateTimeFieldEncryptedDecimalFieldEncryptedFileFieldEncryptedImageFieldEncryptedIntegerFieldEncryptedJSONFieldEncryptedTextField
Settings
| Key | Required | Default | Description |
|---|---|---|---|
SECURED_FIELDS_KEY |
Yes | Key for using in encryption/decryption with Fernet. Usually generated from python manage.py generate_key. |
|
SECURED_FIELDS_HASH_SALT |
No | '' |
Salt to append after the field value before hashing. Usually generated from python manage.py generate_key. |
SECURED_FIELDS_FILE_STORAGE |
No | 'secured_fields.storage.EncryptedFileSystemStorage' |
File storage class used for storing encrypted file/image fields. See EncryptedStorageMixin |
APIs
Field Arguments
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
searchable |
bool |
No | False |
Enable search function |
Encryption
> from secured_fields.fernet import get_fernet
> data = b'test'
> encrypted_data = get_fernet().encrypt(data)
> encrypted_data
b'gAAAAABh2_Ry_thxLTuFFXeMc9hNttah82979JPuMSjnssRB0DmbgwdtEU5dapBgISOST_a_egDc66EG_ZtVu_EqF_69djJwuA=='
> get_fernet().decrypt(encrypted_data)
b'test'
EncryptedMixin
If you have a field which does not supported by the package, you can use EncryptedMixin to enable encryption and search functionality for that custom field.
import secured_fields
from django.db import models
class EncryptedUUIDField(secured_fields.EncryptedMixin, models.UUIDField):
pass
task_id = EncryptedUUIDField(searchable=True)
EncryptedStorageMixin
If you use a custom file storage class (e.g. defined in settings.py's DEFAULT_FILE_STORAGE), you can enable file encryption using EncryptedStorageMixin.
import secured_fields
from minio_storage.storage import MinioMediaStorage
class EncryptedMinioMediaStorage(
secured_fields.EncryptedStorageMixin,
MinioMediaStorage,
):
passKnown Limitation
-
inlookup onJSONFieldis not available - Large files are not performance-friendly at the moment (see #2)
- Search on
BinaryFielddoes not supported at the moment (see #6) - Changing
searchablevalue in a field with the records in the database is not supported (see #7)
Development
Requirements
- Docker
- Poetry
- MySQL Client
brew install mysql-clientecho 'export PATH="/usr/local/opt/mysql-client/bin:$PATH"' >> ~/.bash_profile
Running Project
-
Start backend databases
make up-db
-
Run tests (see: Testing)
Linting
make lintTesting
make testFix Formatting
make yapf
![dependabot[bot]](https://avatars.githubusercontent.com/u/49699333?size=120)