Django NaCl Encrypted Fields

This is a collection of Django Model Field classes that are encrypted using PyNaCl. This package is largely based on django-encrypted-fields, which makes use of the outdated Keyczar library to encrypt fields. Besides that, it is inspired by django-fernet-field.

About PyNaCl

PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library. These libraries have a stated goal of improving usability, security and speed.

Getting Started

Install django-nacl-fields:

pip install django-nacl-fields

Add nacl_encrypted_fields to your INSTALLED_APPS:

INSTALLED_APPS = [
    ...
    'nacl_encrypted_fields'
    ...
]

Create a key to be used for encryption:

$ python manage.py createkey
# put the following line in your settings.py:
NACL_FIELDS_KEY = b'p1Et2Rb@;^BYdo`ZRFi!Hc-MXu(^|bVqA-FGqffM'

In your settings.py:

NACL_FIELDS_KEY = b'p1Et2Rb@;^BYdo`ZRFi!Hc-MXu(^|bVqA-FGqffM'

Then, in your models.py:

from django.db import models
from nacl_encrypted_fields.fields import NaClTextField


class MyModel(models.Model):
    text_field = NaClTextField()

Use the model as you would normally and the data will be stored encrypted in the database.

Note: Encrypted data cannot be used to query or sort. In SQL, these will all look like text fields with random text.

It is also possible to append the fields key to your settings file automatically upon creation, by using the -f flag:

python manage.py createkey -f settings.py

Where settings.py is the path to your settings file.

Available Fields

Currently build-in and unit-tested fields.

• NaClCharField
• NaClTextField
• NaClDateTimeField
• NaClIntegerField
• NaClFloatField
• NaClEmailField
• NaClBooleanField
• NaClJSONField

Encrypt Your Own Fields

Making new fields can be done by using the provided NaClFieldMixin:

from django.db import models
from nacl_encrypted_fields import NaClFieldMixin


class NaClIPAddressField(NaClFieldMixin, models.IPAddressField):
    pass

Please report any issues you encounter when trying this.

Contributing

Start a PostgreSQL Docker container for testing using:

docker run --rm -e POSTGRES_PASSWORD=postgres POSTGRES_DB=github_actions postgres

Then, you can run tests in another window using:

python -m venv env
source env/bin/activate
pip install '.[test]'
python manage.py test

Before you contribute, make sure you lint your code:

pip install '.[lint]'
flake8 --exclude .git,pycache,docs/conf.py,build,dist,env

After your code is done, feel free to open a new pull request.

References

• https://github.com/defrex/django-encrypted-fields
• https://github.com/orcasgit/django-fernet-fields