Open jdklub opened 4 years ago
I will look into this and see there is a gap in the implementation.
I ran into the same behavior and it puzzled me quite a bit. Maybe update the documentation in the meantime?
It seems that FernetBytes uses the CRYPTOGRAPHY_KEY but CRYPTOGRAPHY_SALT uses SECRET_KEY. CRYPTOGRAPHY_SALT does not seem to be used in the code at all. (never mind, it is used by CryptographyConf)
@georgemarshall I tested this locally with defaults and saved data to an encrypted field. I was still able to decrypt that previously encrypted data after setting CRYPTOGRAPHY_KEY and CRYPTOGRAPHY_SALT.
If the default key and salt are never overridden by the CRYPTOGRAPHY_KEY and CRYPTOGRAPHY_SALT environment variables, this is a major bug that needs to be addressed ASAP.
I am encrypting data in a few CharFields, and attempting to read this data from two different Django applications. I have specified the same CRYPTOGRAPHY_KEY and CRYPTOGRAPHY_SALT in the settings files of each application. However, I am unable to decrypt the data in the second application unless I use the same SECRET_KEY value in both applications. It was my impression that CRYPTOGRAPHY_KEY would take precedence over SECRET_KEY.
This seems to indicate only the key specified on the field or the SECRET_KEY is used.
Am I misunderstanding how to configure the applications so that they can both access the data?