Open StephanErb opened 4 years ago
I would think that Proposal A is the easiest to adopt!
I would love to see this integrated :)
@StephanErb It would seem reasonable to also support changing the salt. What do you think?
Has there been any progress on this feature? Or supporting multiple keys for decryption?
@zaeem-maqsood I don't think a PR has been put forward for rotating keys.
Hi everyone,
we accidentally leaked the
SECRET_KEY
of a test environment that was used for decrypting model fields using this library. In such a case, to be on the safe side, one has to rotate the leaked key. While I am aware that we can run a migration similar to this one here it would be great if django-cryptography would has an officially supported way how to rotate encryption keys:Proposal A) Ship a Django command to perform such a secret rotation:
Afterwards the
settings.py
needs to be adjusted to reference the new key.Proposal B) If Proposal A is hard to implement, an easier but less secure alternative option would be to support two kinds of secret specifications:
SECRET_KEY
orCRYPTOGRAPHY_KEY
as used today)CRYPTOGRAPHY_PREVIOUS_KEYS=['foo', 'bar']
)In case a field cannot be decrypted using either
SECRET_KEY
orCRYPTOGRAPHY_KEY
all secrets inCRYPTOGRAPHY_PREVIOUS_KEYS
are tried in order. This would enable us to at lest have all new secrets encrypted with a new key, while the encryption of other fields is still supported.Thanks!