A FileSystemStorage subclass for Django that encrypts/compresses with PZip.
pip install django-pzip-storage
The simplest way to use PZipStorage is by setting your
DEFAULT_FILE_STORAGE to
pzip_storage.PZipStorage. By default, PZipStorage will use your SECRET_KEY setting as the encryption key.
IMPORTANT: Encrypting with SECRET_KEY means you must keep SECRET_KEY a secret, and if you lose or reset it
without first rotating the keys of all stored files, they will be lost forever.
PZipStorage may be used with existing unencrypted files, as a drop-in replacement for FileSystemStorage. If it
determined the requested file is not a PZip file, it will delegate to FileSystemStorage after emitting a
needs_encryption signal (see below).
You may also use PZipStorage as a custom storage backend anywhere Django allows it; see
Managing Files in the Django documentation for more information.
PZIP_STORAGE_EXTENSION- the extension to append to any file saved withPZipStorage. Defaults to.pz.PZIP_STORAGE_NOCOMPRESS- a set of file extensions (with leading period) which should not be compressed when saving. SeePZipStorage.DEFAULT_NOCOMPRESSfor the default list.PZIP_STORAGE_KEYS- an iterable (or callable returning an iterable) of keys to use. The first key on the list will be used for encrypting files. Defaults toPZipStorage.default_keys, which yieldsSECRET_KEY.
These settings may be overridden on a per-storage basis by instantiating PZipStorage manually with extension or
nocompress keyword arguments.
PZipStorage emits a number of signals when opening files in various circumstances:
pzip_storage.needs_rotation- sent when a file was decrypted using an old key, i.e. not the first key in the provided list.pzip_storage.needs_encryption- sent when an unencrypted file was opened.pzip_storage.bad_keys- sent when an encrypted file was opened, but no keys in the list could decrypt it.
You may listen for these signals to do things like gradual encryption, key rotation, or logging.