Open glennmatthews opened 3 years ago
In other words, once you begin using this library, you may never change SECRET_KEY
again, even if you're defining CRYPTOGRAPHY_KEY
as the documentation recommends.
Duplicate of #37?
Faced the same issue. Steps to reproduce:
django-cryptography
, set both SECRET_KEY
and CRYPTOGRAPHY_KEY
SECRET_KEY
Expected result: encrypted fields may be decrypted as CRYPTOGRAPHY_KEY
wasn't changed
Actual result: BadSignature
because encryption key changed.
FWIW I've just attempted to replicate this issue and with ...
Django==4.2.11 django-cryptography==1.1
.... the dependency on SECRET_KEY is still the case.
Just doing a PR to reflect the situation in the documentation.
Per the documentation,
This documentation is incorrect, or at least incomplete. I can confirm that even when
CRYPTOGRAPHY_KEY
is set, some calculations still useSECRET_KEY
. This can be demonstrated by populating some encrypted fields, then changingSECRET_KEY
- a BadSignature error will be reported on trying to access the fields, but changingSECRET_KEY
back to its old value will restore normal operation.