{"id":8094,"library":"django-cryptography","title":"Django Cryptography","description":"django-cryptography simplifies encrypting data within Django models and applications. It provides encrypted model fields and utilities based on the `cryptography` library. The current version is 1.1, with releases occurring periodically to maintain compatibility with Django and the underlying `cryptography` library.","status":"active","version":"1.1","language":"en","source_language":"en","source_url":"https://github.com/georgemarshall/django-cryptography","tags":["django","encryption","security","data-privacy","fields"],"install":[{"cmd":"pip install django-cryptography","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core framework for integration.","package":"Django","optional":false},{"reason":"Provides the underlying encryption primitives (Fernet).","package":"cryptography","optional":false}],"imports":[{"symbol":"EncryptedCharField","correct":"from django_cryptography.fields import EncryptedCharField"},{"symbol":"EncryptedTextField","correct":"from django_cryptography.fields import EncryptedTextField"},{"symbol":"encrypt","correct":"from django_cryptography.core import encrypt"},{"symbol":"decrypt","correct":"from django_cryptography.core import decrypt"},{"note":"This field was removed in version 1.0. For key management, use the DJANGO_CRYPTOGRAPHY_KEY setting.","wrong":"from django_cryptography.fields import KeyGeneratingEncryptedField","symbol":"KeyGeneratingEncryptedField","correct":"N/A (removed in v1.0)"}],"quickstart":{"code":"import os\n\n# settings.py\nINSTALLED_APPS = [\n    # ...\n    'django_cryptography',\n]\n\n# Generate a key once with: `from cryptography.fernet import Fernet; Fernet.generate_key().decode()`\n# Set this as an environment variable, e.g., export DJANGO_CRYPTOGRAPHY_KEY='YOUR_GENERATED_KEY'\nDJANGO_CRYPTOGRAPHY_KEY = os.environ.get('DJANGO_CRYPTOGRAPHY_KEY', '')\n\n\n# myapp/models.py\nfrom django.db import models\nfrom django_cryptography.fields import EncryptedCharField\n\nclass SecretNote(models.Model):\n    title = models.CharField(max_length=100)\n    content = EncryptedCharField(max_length=500)\n\n    def __str__(self):\n        return self.title\n\n# Example usage in a Django shell or view:\n# from myapp.models import SecretNote\n# note = SecretNote.objects.create(title='Top Secret', content='This is highly confidential information.')\n# print(note.content) # decrypted value\n# stored_value = SecretNote.objects.values_list('content', flat=True).get(pk=note.pk) # will be encrypted bytes\n# print(f\"Stored (encrypted): {stored_value}\")","lang":"python","description":"To get started, install the package, add `django_cryptography` to your `INSTALLED_APPS`, and configure the `DJANGO_CRYPTOGRAPHY_KEY` in your Django settings. This key must be a base64-encoded Fernet key, typically loaded from an environment variable for security. You can then use `EncryptedCharField` or `EncryptedTextField` in your models to automatically encrypt and decrypt data."},"warnings":[{"fix":"Migrate your key management to use the `DJANGO_CRYPTOGRAPHY_KEY` environment variable. Generate a new Fernet key if you were using the old key generation methods, and update your `settings.py`.","message":"Version 1.0 introduced significant breaking changes to key management. The `KEY_NAME` and `KEY_STORE` settings were removed, and the `DJANGO_CRYPTOGRAPHY_KEY` setting (loaded from an environment variable) became the sole method for providing the encryption key.","severity":"breaking","affected_versions":"<1.0"},{"fix":"Remove `KeyGeneratingEncryptedField` usage from your models. Ensure `DJANGO_CRYPTOGRAPHY_KEY` is properly configured in your settings. If you need to generate a key, do so manually using `Fernet.generate_key()`.","message":"The `KeyGeneratingEncryptedField` was removed in version 1.0, simplifying the API by making key management an application-level concern via settings.","severity":"breaking","affected_versions":"<1.0"},{"fix":"Ensure `DJANGO_CRYPTOGRAPHY_KEY` is set correctly in your environment or `settings.py`. A valid key can be generated once with `from cryptography.fernet import Fernet; Fernet.generate_key().decode()`.","message":"The `DJANGO_CRYPTOGRAPHY_KEY` must be a valid base64-encoded Fernet key. If it's missing, malformed, or doesn't match the key used for encryption, data will not be encrypted/decrypted correctly, leading to `InvalidToken` errors.","severity":"gotcha","affected_versions":"All versions >=1.0"},{"fix":"Manually create a data migration to iterate through existing records, decrypt (if necessary, e.g., if switching encryption libraries), and then re-save the data using the new encrypted field type. This will trigger the encryption on save.","message":"Changing an existing `CharField` or `TextField` to an `EncryptedCharField` or `EncryptedTextField` on a model with existing data requires a data migration to encrypt the old data. A simple `makemigrations` and `migrate` will not automatically encrypt existing plaintext data.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Set `DJANGO_CRYPTOGRAPHY_KEY = os.environ.get('DJANGO_CRYPTOGRAPHY_KEY')` in your `settings.py` and ensure the `DJANGO_CRYPTOGRAPHY_KEY` environment variable is set with a valid base64-encoded Fernet key. Example: `export DJANGO_CRYPTOGRAPHY_KEY=\"$(python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())')\"`.","cause":"The `DJANGO_CRYPTOGRAPHY_KEY` setting is not found or is an empty string in your Django `settings.py`.","error":"django.core.exceptions.ImproperlyConfigured: The DJANGO_CRYPTOGRAPHY_KEY setting must be configured."},{"fix":"Verify that your `DJANGO_CRYPTOGRAPHY_KEY` is exactly as generated by `Fernet.generate_key().decode()`. If the key is correct, the data itself might be corrupted or encrypted with a different key. Ensure the same key is used for encryption and decryption.","cause":"The `DJANGO_CRYPTOGRAPHY_KEY` is not a correctly formatted base64-encoded Fernet key, or the encrypted data itself is corrupted/invalid.","error":"cryptography.fernet.InvalidToken: Token is not URL-safe base64-encoded"},{"fix":"First, ensure it's installed: `pip install django-cryptography`. Second, add `'django_cryptography'` to your `INSTALLED_APPS` list in `settings.py`.","cause":"The `django-cryptography` package is not installed or not added to your `INSTALLED_APPS`.","error":"ModuleNotFoundError: No module named 'django_cryptography'"},{"fix":"Remove any references to `KeyGeneratingEncryptedField` from your models and code. Manage your encryption key explicitly via the `DJANGO_CRYPTOGRAPHY_KEY` setting.","cause":"You are trying to import `KeyGeneratingEncryptedField`, which was removed in version 1.0 of `django-cryptography`.","error":"AttributeError: 'module' object has no attribute 'KeyGeneratingEncryptedField'"}]}