Home > Blockchain >  Where do I store the encryption key when encrypting in Django?
Where do I store the encryption key when encrypting in Django?

Time:09-03

I am creating a website using Django, my website will encrypt uploaded files and another user can then download the files unencrypted.

It's pretty straightforward encrypting in python (I am using the cryptography python library), but where do I store the encryption key?

I encrypt the files in case the database or source code has been compromised. Then I can't store the encryption key as a file or in the database.

Where can I store the encryption key?

CodePudding user response:

You can create a .env file and store it in there. I would recommend you do the same for your SECRET_KEY in your settings

You can do something like this (just below imports in the top of your file (be it settings / views or something different):

#pip install environs is required
from environs import Env

env = Env()
env.read_env()

#
# some code here
#

SECRET_KEY = env.str("SECRET_KEY")

And your .env would look something like:

SECRET_KEY=VerySecretKey
ENCRYPTION_KEY=SomeEncryptionKey

More info can be found here

  • Related