0

We are setting up a virtual private server (not hosted by us), on which we will be user testing our Django-based web application. The user-generated content produced in these tests will be very sensitive. We would like to keep this content encrypted, for example in case back-up media goes missing. The content will be stored in a MySQL or SQLite database.

As I understand it, we cannot encrypt the file system of the VPS. If we encrypt the database, using something like SQLCipher (http://sqlcipher.net/), is there a way of passing the key to Django without storing it on the server? We will be booting up the server for each test, so that part is not a concern.

Thank you!

1 Answer

2

Sounds like you would want an admin user to manually enter the key into a form as part of the login process, and have Django use that.


3 Comments

Yes, that sounds reasonable. I have tried to find out how to do that. Is there some way of taking the key as a command-line parameter instead of entering it into settings.py?
You don't want the key itself in settings.py because then it'd be saved on the server. You could manually export an environment variable on the command line each time you start up the server, it'd be in memory only, and then use that in settings.py.
e.g. SQL_KEY="xxx"; export SQL_KEY and then in settings.py... import os; SQL_KEY = os.environ['SQL_KEY']
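
The approach from the comments above, as an added example that is not part of the original thread: a helper for settings.py that takes the key from the exported SQL_KEY variable or, failing that, from a hidden prompt, and refuses to start without one. The names load_db_key, MissingKeyError and sqlcipher_pragma are hypothetical, and how the PRAGMA statement is issued depends on the SQLCipher binding in use.

```python
import getpass
import os
import sys

ENV_NAME = "SQL_KEY"  # the variable exported in the comment above


class MissingKeyError(RuntimeError):
    """No usable database key was supplied at startup."""


def load_db_key(environ=None, prompt=getpass.getpass, interactive=None):
    """Return the database key from memory-only sources, never from disk.

    Tries the exported environment variable first, then a hidden prompt
    (which also keeps the key out of shell history). Fails closed otherwise.
    """
    environ = os.environ if environ is None else environ
    key = environ.get(ENV_NAME)
    if key is None:
        if interactive is None:
            interactive = sys.stdin.isatty()
        if not interactive:
            raise MissingKeyError(
                "%s is not set and there is no terminal to prompt on" % ENV_NAME
            )
        key = prompt("Database key: ")
    key = key.strip()
    if not key:
        raise MissingKeyError("database key is empty")
    return key


def sqlcipher_pragma(key):
    """Build SQLCipher's passphrase statement, escaping single quotes."""
    return "PRAGMA key = '%s';" % key.replace("'", "''")


# In settings.py (hypothetical usage): SQL_KEY = load_db_key()
```

The environment of a running process can be read by root and by the same user on the server, so the key is protected against lost backup media, not against someone with access to the live VPS.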
