Reputation: 4419
DB encryption for Django web app without storing key on server
We are setting up a virtual private server (not hosted by us), on which we will be user testing our Django-based web application. The user-generated content produced in these tests will be very sensitive. We would like to keep this content encrypted, for example in case back-up media goes missing. The content will be stored in a MySQL or SQLite database.
As I understand it, we cannot encrypt the file system of the VPS. If we encrypt the database, using something like SQLcipher (http://sqlcipher.net/), is there a way of passing the key to Django without storing it on the server? We will be booting up the server for each test, so that part is not a concern.
Thank you!
Upvotes: 0
Views: 967
Answers (1)
Reputation: 33923
Sounds like you would want an admin user to manually enter the key into a form as part of the login process, and have Django use that.
Upvotes: 2
Related Questions
- Encrypt Django project
- Key encyption, front-end back-end question
- Is there a way to encrypt the MySQL password stored in Django?
- A good way to encrypt database fields?
- Django: Encrypted password to legacy (not auth_user) table
- Generating encrypted passwords in mysql, to populate a django database
- Strategies for Encryption with Django + Postgres?
- How can you store a rsa key pair in a django model / sqlite db
- Django and field encryption with database ENCRYPTBYKEY function
- How can I encrypt my django code?