Currently, we store Stripe/Twitter keys in the database. As this is a multi-site app, it would be too difficult to pass these values into the web server using environment variables. As a concession, perhaps what we can do is create encrypted fields, such that a database backup lying around is not going to leak anything sensitive.
Note that if we do go this route, we will need to ensure that we have a way to re-encrypt values should we need to alter the key. From an IRC conversation today, someone mentioned that "cryptography has a Fernet class that can use multiple keys for this purpose". We'll need to look into this in more detail.
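An added example (not part of the original issue or the project's code) of the re-encryption flow using `MultiFernet` from the `cryptography` package, which encrypts with the first key in its list and decrypts with any of them. The helper names, the dict standing in for a table of encrypted fields, and the sample secret are hypothetical; it assumes the Fernet keys themselves are supplied from outside the database.

```python
from cryptography.fernet import Fernet, InvalidToken, MultiFernet


def make_cipher(keys):
    """Build a MultiFernet: keys[0] encrypts, every listed key may decrypt."""
    return MultiFernet([Fernet(k) for k in keys])


def encrypt_field(cipher, plaintext):
    """Return the text token to store in the database column."""
    return cipher.encrypt(plaintext.encode("utf-8")).decode("ascii")


def decrypt_field(cipher, token):
    return cipher.decrypt(token.encode("ascii")).decode("utf-8")


def rotate_rows(cipher, rows):
    """Re-encrypt every stored token under the current primary key.

    rows is {row_id: token}, a stand-in for scanning the real table.
    """
    return {row_id: cipher.rotate(tok.encode("ascii")).decode("ascii")
            for row_id, tok in rows.items()}


def demo():
    old_key = Fernet.generate_key()  # constructed sample keys
    new_key = Fernet.generate_key()
    secret = "constructed-stripe-secret"  # constructed sample value

    # 1. Rows written while only the old key existed.
    rows = {1: encrypt_field(make_cipher([old_key]), secret)}

    # 2. Deploy with the new key first and the old key kept for reads,
    #    then rewrite every row under the new key.
    transition = make_cipher([new_key, old_key])
    rows = rotate_rows(transition, rows)

    # 3. Retire the old key: rotated rows decrypt with the new key alone.
    recovered = decrypt_field(make_cipher([new_key]), rows[1])

    # The retired key can no longer read the rotated row.
    try:
        decrypt_field(make_cipher([old_key]), rows[1])
        old_key_reads = True
    except InvalidToken:
        old_key_reads = False
    return recovered, old_key_reads
```

Backups taken before step 2 still contain tokens readable with the old key, so rotation protects rows going forward rather than copies already made.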