SECRET_KEY is still used for some calculations even if CRYPTOGRAPHY_KEY is set
glennmatthews opened this issue · comments
Per the documentation,
CRYPTOGRAPHY_KEY
Default: None
When value is None a key will be derived from SECRET_KEY. Otherwise the value will be used for the key.
This documentation is incorrect, or at least incomplete. I can confirm that even when CRYPTOGRAPHY_KEY
is set, some calculations still use SECRET_KEY
. This can be demonstrated by populating some encrypted fields, then changing SECRET_KEY
- a BadSignature error will be reported on trying to access the fields, but changing SECRET_KEY
back to its old value will restore normal operation.
In other words, once you begin using this library, you may never change SECRET_KEY
again, even if you're defining CRYPTOGRAPHY_KEY
as the documentation recommends.
Duplicate of #37?
Faced the same issue.
Steps to reproduce:
- Start new project, install
django-cryptography
, set bothSECRET_KEY
andCRYPTOGRAPHY_KEY
- Add at least 1 instance of model with encrypted field
- Change value of
SECRET_KEY
Expected result: encrypted fields may be decrypted as CRYPTOGRAPHY_KEY
wasn't changed
Actual result: BadSignature
because encryption key changed.
FWIW I've just attempted to replicate this issue and with ...
Django==4.2.11
django-cryptography==1.1
.... the dependency on SECRET_KEY is still the case.
Just doing a PR to reflect the situation in the documentation.