0

I am creating a website using Django. My website will encrypt uploaded files, and another user can then download the files unencrypted.

It's pretty straightforward encrypting in Python (I am using the cryptography Python library), but where do I store the encryption key?

I encrypt the files in case the database or source code has been compromised. Then I can't store the encryption key as a file or in the database.

Where can I store the encryption key?

Bob

1 Answer

0

You can create a .env file and store it in there. I would recommend you do the same for your SECRET_KEY in your settings.

You can do something like this (just below the imports at the top of your file, be it settings, views or something different):

```python
# pip install environs is required
from environs import Env

env = Env()
env.read_env()

#
# some code here
#

SECRET_KEY = env.str("SECRET_KEY")
```

And your .env would look something like:

```
SECRET_KEY=VerySecretKey
ENCRYPTION_KEY=SomeEncryptionKey
```

More info can be found here

Tim-Bolhoeve
  • Sorry for the late reply, I am encrypting uploaded files in case a hacker has got the source code and database. Couldn't the hacker just open the .env file to see the encryption key and secret key? – Bob Sep 02 '22 at 11:35
  • Then I would recommend you follow: [This stackoverflow question](https://stackoverflow.com/a/12909305/19868773), which explains why you should put it in a folder readable by root only. – Tim-Bolhoeve Sep 02 '22 at 11:44
  • Since you've been helpful answering this question, is it possible you could help with [this one](https://stackoverflow.com/questions/73582338/how-to-create-and-save-that-file-to-django-model)? – Bob Sep 02 '22 at 12:09
  • It seems you've already accepted a given answer, so I will refrain from answering myself. – Tim-Bolhoeve Sep 05 '22 at 07:14
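
The thread above ends on keeping the key in a location with restricted read permissions, outside the source code and database the question worries about. As an added example (not code from the question or the answer), here is one way to enforce that when the key is loaded on a POSIX host, assuming a Fernet key from the cryptography library; `load_key`, `KeyFileError` and `fernet_from_keyfile` are hypothetical names.

```python
# Added example; all names here are hypothetical, not from the thread.
import base64
import os
import stat
from pathlib import Path


class KeyFileError(Exception):
    """Raised when the key file is missing, exposed, or malformed."""


def load_key(path, project_root=None):
    """Return the base64 key from `path` after checking how it is stored."""
    key_path = Path(path).resolve()
    # A key inside the source tree leaks together with the source code.
    if project_root is not None:
        root = Path(project_root).resolve()
        if key_path == root or root in key_path.parents:
            raise KeyFileError(f"{key_path} is inside the project tree")
    try:
        info = key_path.stat()
    except OSError as exc:
        raise KeyFileError(f"cannot stat {key_path}: {exc}") from exc
    if not stat.S_ISREG(info.st_mode):
        raise KeyFileError(f"{key_path} is not a regular file")
    # Only root or the account running Django may own the file.
    if info.st_uid not in (0, os.geteuid()):
        raise KeyFileError(f"{key_path} is owned by uid {info.st_uid}")
    # No group/other permission bits may be set (expect 0400 or 0600).
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeyFileError(f"{key_path} has mode {stat.S_IMODE(info.st_mode):04o}")
    key = key_path.read_bytes().strip()
    # Assumption: a Fernet key, i.e. 32 random bytes, url-safe base64 encoded.
    try:
        raw = base64.urlsafe_b64decode(key)
    except ValueError as exc:
        raise KeyFileError("key is not valid url-safe base64") from exc
    if len(raw) != 32:
        raise KeyFileError(f"key decodes to {len(raw)} bytes, expected 32")
    return key


def fernet_from_keyfile(path, project_root=None):
    """Build a Fernet object; imported lazily so load_key needs only stdlib."""
    from cryptography.fernet import Fernet
    return Fernet(load_key(path, project_root))
```

Calling `load_key` from settings with `project_root` set to the Django base directory makes the application fail at startup, rather than run quietly, when the key file sits in the repository or is readable by other accounts.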