New setting ALLOW_UNENCRYPTED

[litchfield]

We found it awkward to introduce django-cryptography to existing data, so we added a new setting ALLOW_UNENCRYPTED (default False), which allows unencrypted data to be READ (read only), instead of throwing a BadSignature error. When the data gets written it's still encrypted.

[georgemarshall]

My apologies for not responding to your PR earlier. I wanted to write up some documentation on how to migrate existing data before responding. Unfortunately that has not happened yet, so in the interim I will give you the tl;dr version.

When you wrap a field with encrypt() it will use BinaryField for the database. This means you can't just simply wrap an existing database column, you need to create a new one and migrate that data into it.

[georgemarshall]

You can now find an example migration in the source converting unencrypted data to encrypted.

https://github.com/georgemarshall/django-cryptography/tree/master/tests/fields/test_migrations_normal_to_encrypted