https://github.com/raphaelm/django-pgrowcrypt

[EXPERIMENT] Row-level encryption based on pgcrypto for Django
https://github.com/raphaelm/django-pgrowcrypt

Last synced: 2 months ago
JSON representation

[EXPERIMENT] Row-level encryption based on pgcrypto for Django

• Host: GitHub
• URL: https://github.com/raphaelm/django-pgrowcrypt
• Owner: raphaelm
• License: apache-2.0
• Created: 2018-12-22T23:31:26.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2018-12-22T23:36:23.000Z (over 6 years ago)
• Last Synced: 2025-02-13T14:16:32.604Z (4 months ago)
• Language: Python
• Homepage:
• Size: 18.6 KB
• Stars: 0
• Watchers: 3
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.rst
  • License: LICENSE
  • Authors: AUTHORS

Awesome Lists containing this project

README

        
Row-level encryption based on pgcrypto for Django

=================================================

**WARNING:** This is an experiment including some nasty ORM hacks and we do not yet recommend to use it in production.

.. image:: https://img.shields.io/pypi/v/django-pgrowcrypt.svg

   :target: https://pypi.python.org/pypi/django-pgrowcrypt

.. image:: https://travis-ci.com/raphaelm/django-pgrowcrypt.svg?branch=master

   :target: https://travis-ci.com/raphaelm/django-pgrowcrypt

.. image:: https://codecov.io/gh/raphaelm/django-pgrowcrypt/branch/master/graph/badge.svg

   :target: https://codecov.io/gh/raphaelm/django-pgrowcrypt

This allows the encryption of values in specific columns using symmetric cryptography with the ``pgcrypto`` extension.

This is similar to `django-pgcrypto-expressions`_ and `django-pgcrypto-fields`_, but different in the regard that those

two encrypt all data with the *same* system-wide key and handle encryption fully transparently. In contrast, this library

allows to use *different* key per row/per query. A common use case would be to encrypt sensitive data with a key specific

to a user or to a client in a multi-tenant application.

Keep in mind that the actual encryption and decryption is performed in the database and the key is being sent to the database

in plain text, so this requires the connection to the database to be either local or encrypted and requires you to trust the

database administrator.

Further limitations:

* Works only on PostgreSQL (obviously)

Usage

-----

You will need to use both a custom model base class and a custom field class::

    from pgrowcrypt.models import EncryptedModel, EncryptedTextField

    class Book(EncryptedModel):

        title = EncryptedTextField()

        def __str__(self):

            return self.title

    from django.db import models

    from jsonfallback.fields import FallbackJSONField

Then, you can work with the model like this:

    >>> b = Book(title='Harry Potter', _key='pgLWLYqQb4zR9K1Im3GUsLXaILnU7q')

    >>> b.save()

    >>> Book.objects.with_key('pgLWLYqQb4zR9K1Im3GUsLXaILnU7q').all()

    ]>

License

-------

The code in this repository is published under the terms of the Apache License. 

See the LICENSE file for the complete license text.

This project is maintained by Raphael Michel . See the

AUTHORS file for a list of all the awesome folks who contributed to this project.

.. _django-pgcrypto-expressions: https://github.com/orcasgit/django-pgcrypto-expressions

.. _django-pgcrypto-fields: https://github.com/incuna/django-pgcrypto-fields