|
2 | 2 | Configuring Queryable Encryption |
3 | 3 | ================================ |
4 | 4 |
|
| 5 | +.. _server-side-queryable-encryption: |
| 6 | + |
5 | 7 | Configuring Queryable Encryption in Django is similar to |
6 | 8 | :doc:`manual:core/queryable-encryption/quick-start` but with some additional |
7 | 9 | steps required for Django. |
8 | 10 |
|
9 | | -.. admonition:: Server-side Queryable Encryption |
| 11 | +Server-side Queryable Encryption |
| 12 | +-------------------------------- |
| 13 | + |
| 14 | +Server-side Queryable Encryption allows you to begin developing applications |
| 15 | +without needing to define the encrypted fields map at the time of connection |
| 16 | +to the database. |
| 17 | + |
| 18 | +.. admonition:: What about client-side Queryable Encryption? |
10 | 19 |
|
11 | | - This section describes how to configure server side Queryable |
12 | | - Encryption in Django. For configuration of client side Queryable Encryption, |
13 | | - please refer to this :ref:`FAQ question <queryable-encryption>`. |
| 20 | + For configuration of client-side Queryable Encryption, |
| 21 | + please refer to this :ref:`see below <client-side-queryable-encryption>`. |
14 | 22 |
|
15 | 23 | Prerequisites |
16 | 24 | ------------- |
@@ -80,3 +88,69 @@ database router. Here's how to set it up in your Django settings. |
80 | 88 |
|
81 | 89 | You are now ready to use server side :doc:`Queryable Encryption |
82 | 90 | </topics/queryable-encryption>` in your Django project. |
| 91 | + |
| 92 | +.. _client-side-queryable-encryption: |
| 93 | + |
| 94 | +Client-side Queryable Encryption |
| 95 | +-------------------------------- |
| 96 | + |
| 97 | +In the :ref:`section above <server-side-queryable-encryption-settings>`, |
| 98 | +server-side Queryable Encryption configuration is covered. |
| 99 | + |
| 100 | +Client side Queryable Encryption configuration requires that the entire |
| 101 | +encrypted fields map be known at the time of client connection. |
| 102 | + |
| 103 | +Encrypted fields map |
| 104 | +~~~~~~~~~~~~~~~~~~~~ |
| 105 | + |
| 106 | +In addition to the |
| 107 | +:ref:`settings described in the how-to guide <server-side-queryable-encryption-settings>`, |
| 108 | +you will need to provide a ``encrypted_fields_map`` to the |
| 109 | +``AutoEncryptionOpts``. |
| 110 | + |
| 111 | +Fortunately, this is easy to do with Django MongoDB Backend. You can use |
| 112 | +the ``createencryptedfieldsmap`` management command to generate the schema map |
| 113 | +for your encrypted fields, and then use the results in your settings. |
| 114 | + |
| 115 | +To generate the encrypted fields map, run the following command in your Django |
| 116 | +project:: |
| 117 | + |
| 118 | + python manage.py createencryptedfieldsmap |
| 119 | + |
| 120 | +.. note:: The ``createencryptedfieldsmap`` command is only available if you |
| 121 | + have the ``django_mongodb_backend`` app included in the |
| 122 | + :setting:`INSTALLED_APPS` setting. |
| 123 | + |
| 124 | +Settings |
| 125 | +~~~~~~~~ |
| 126 | + |
| 127 | +Now include the generated schema map in your Django settings:: |
| 128 | + |
| 129 | + … |
| 130 | + DATABASES["encrypted"] = { |
| 131 | + … |
| 132 | + "OPTIONS": { |
| 133 | + "auto_encryption_opts": AutoEncryptionOpts( |
| 134 | + … |
| 135 | + encrypted_fields_map = { |
| 136 | + "encryption__patientrecord": { |
| 137 | + "fields": [ |
| 138 | + { |
| 139 | + "bsonType": "string", |
| 140 | + "path": "ssn", |
| 141 | + "queries": {"queryType": "equality"}, |
| 142 | + "keyId": Binary(b"\x14F\x89\xde\x8d\x04K7\xa9\x9a\xaf_\xca\x8a\xfb&", 4), |
| 143 | + }, |
| 144 | + } |
| 145 | + }, |
| 146 | + # Add other models with encrypted fields here |
| 147 | + }, |
| 148 | + ), |
| 149 | + … |
| 150 | + }, |
| 151 | + … |
| 152 | + } |
| 153 | + |
| 154 | +You are now ready to use client-side |
| 155 | +:doc:`Queryable Encryption </topics/queryable-encryption>` |
| 156 | +in your Django project. |
0 commit comments