Django Custom Model Field with Encryption and Search Support

Snippet

Django Custom Model Field with Encryption and Search Support

This custom model field implements field-level encryption using Fernet symmetric encryption while preserving search functionality through a hashed search index. The field derives a consistent encryption key from the secret, stores encrypted data as base64, and maintains a SHA-256 hash of the lowercase value for searchability without decrypting.

snippet.py

python

import hashlib
from django.db import models
from cryptography.fernet import Fernet
import base64
 
class EncryptedTextField(models.TextField):
    """Custom field that stores encrypted data while maintaining search capability."""
    
    def __init__(self, encryption_key=None, searchable=True, *args, **kwargs):
        self.encryption_key = encryption_key or settings.SECRET_KEY
        self.searchable = searchable
        self._search_index = None
        super().__init__(*args, **kwargs)
    
    def deconstruct(self):
        name, path, args, kwargs = super().deconstruct()
        kwargs['encryption_key'] = self.encryption_key
        kwargs['searchable'] = self.searchable
        return name, path, args, kwargs
    
    def get_prep_value(self, value):
        if not value:
            return value
        fernet = Fernet(self._derive_key())
        encrypted = fernet.encrypt(value.encode())
        if self.searchable:
            self._search_index = hashlib.sha256(value.lower().encode()).hexdigest()
        return base64.urlsafe_b64encode(encrypted).decode()
    
    def from_db_value(self, value, expression, connection):
        if not value:
            return value
        fernet = Fernet(self._derive_key())
        decrypted = fernet.decrypt(base64.urlsafe_b64decode(value.encode()))
        return decrypted.decode()
    
    def _derive_key(self):
        key_bytes = hashlib.pbkdf2_hmac('sha256', self.encryption_key.encode(), b'salt', 100000)
        return base64.urlsafe_b64encode(key_bytes)
    
    def search(self, queryset, search_term):
        if not self.searchable:
            raise ValueError("This field is not searchable")
        search_hash = hashlib.sha256(search_term.lower().encode()).hexdigest()
        return queryset.filter(**{f'{self.attname}__search_index': search_hash})

django

Breakdown

class EncryptedTextField(models.TextField)

Extends Django's TextField to add encryption layer while maintaining database compatibility

def get_prep_value(self, value)

Called before saving to database - encrypts value and generates search index hash

fernet = Fernet(self._derive_key())

Creates Fernet instance with PBKDF2-derived key for key stretching security

self._search_index = hashlib.sha256(value.lower().encode()).hexdigest()

Generates searchable hash of lowercase value enabling case-insensitive search without decryption

def search(self, queryset, search_term)

Class method enabling field-specific search using pre-computed hash index

Previous snippet Next snippet

More Expert Python exercises →

From your library

Django Custom Model Field with Encryption and Search Support

Related