Script3r | Isaac Elbaz

Django Encrypted Fields

 tips  190  1 min

As a Django framework user, I often encounter myself needing to encrypt one or more model fields. Over the years, I’ve used several easy to use encrypted fields projects that provided access to encrypted version of widely used fields such as EncryptedCharField, EncryptedTextField and others.

Sadly, most of the packages I’ve used have been deprecated, including https://github.com/defrex/django-encrypted-fields and https://github.com/orcasgit/django-fernet-fields.

For these reasons, I put together a set of Django encrypted fields backed by Google Tink, a widely used cryptography library with robust support for managing keysets and integrations with cloud KMS systems.

To get started:

1

pip install django-tink-fields

Then, create a stanza in settings.py for TINK_FIELDS_CONFIG:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

TINK_FIELDS_CONFIG = {
    "default": {
        "cleartext": False,
        "path": "/path/to/an/encryted_keyset.json",
    },
    "another": {
        "cleartext": True,
        "path": "/path/to/a/cleartext_keyset.json",
    }
}

You can create Tink keysets via tinkey. Click here to learn more.

With that in place, you can simply make use of fields avaialble in tink_fields.fields such as EncryptedCharField, EncryptedTextField and more:

1
2
3
4
5

from django.db import models
from tink_fields import EncryptedCharField

class SomeModel(models.Model):
    some_value = EncryptedCharField(max_length=32)

For full documentation visit https://github.com/script3r/django-tink-fields.

updatedupdated2022-05-232022-05-23