MongoEngine / mongoengine

A Python Object-Document-Mapper for working with MongoDB
http://mongoengine.org
MIT License

Field level encryption support #1739

Open jingo64 opened 6 years ago

jingo64 commented 6 years ago

Hi,

We're interested in adding field level encryption for documents, ideally just as a new keyword argument passed into the field definition, with an encryption key provided as an argument to the document.

Field definition:

```python
from mongoengine import Document, StringField


class MyDocument(Document):
    # Proposed API: a document-level key plus a per-field encrypt flag
    ENCRYPT_KEY = 'mysupersecretkey'
    foo = StringField()
    bar = StringField(encrypt=True)
```
I'm happy to take a look at this; looking at the Google Group history, it doesn't appear a solution has been proposed before. Before I got started, I just wanted to confirm this is something that makes sense to work on? I'm also very open to changing the argument names etc.!

jingo64 commented 6 years ago

I created PR #1740 with a simple solution (currently just handling strings, but if the approach seems reasonable I can extend it further).

Ideally, I'd imagine we want it to be done at the lowest level possible, to avoid breaking a bunch of areas such as validation (plus making debugging etc. easier). I'd imagine the production version of this might allow for more customisation in terms of how the crypto actually works; the current one just uses a simple crypto library I found. I imagine people might like to actually make the encrypt/decrypt calls into callables, so you could define your own?

Just some thoughts! This is the first contribution I've made to a project of this type, so let me know if I made any egregious faux pas; I promise they were not intentional!