GSoC 2025 Proposal: EncryptDecryptField for Django

Overview

Hello Django Community!

My name is Avinash Prajapati, and I am proposing a GSoC 2025 project to introduce a new Django model field: EncryptDecryptField.

The Problem

Django provides built-in security mechanisms, but storing sensitive text data securely often requires custom solutions. Developers currently have to:

1. Manually encrypt/decrypt fields before storing/retrieving data.
2. Use third-party packages that may not integrate well with Django’s ORM.
3. Implement custom model field logic for encryption, adding complexity to projects.

Why Does This Matter?

• Helps developers securely store PII (Personally Identifiable Information), API keys, and sensitive text data without extra setup.
• Reduces the risk of data leaks by providing encryption at the model field level.
• Simplifies encryption for Django users, making security more accessible.

What I Am Proposing

I propose adding a new Django model field, EncryptDecryptField, which:

Key Features:

Allows automatic encryption and decryption of text fields.
Supports custom encryption keys or key generation functions.
Integrates seamlessly with Django’s ORM, working like any other model field.
Ensures data security at the application level with minimal developer effort.

Project status will be soon in github at end of 1st week of April.

March 26 - March 31, 2025: Initial research and community engagement and working on prototype to see working
April 8, 2025: Proposal submission deadline

Milestone Breakdown

Phase 1: Research and Preparation (March last week)

• Analyze existing encryption solutions in Django.
• Identify best practices for integrating encryption into Django model fields.
• Consult with Django security experts for guidance.

Phase 2: Core Implementation (Weeks 1)

• Develop the EncryptDecryptField model field.
• Implement encryption and decryption logic using secure algorithms.
• Add support for both static keys and dynamic key generation functions.

Phase 3: Testing and Validation (Ahead 2 weeks )

• Develop a comprehensive test suite.
• Test encryption across multiple Django versions and databases.
• Validate security and performance under real-world conditions.

Phase 4: Documentation and Deployment (Last week)

• Write detailed documentation and usage guides.
• Prepare security best practices for developers using EncryptDecryptField.
• Finalize packaging and prepare a Django core pull request.

Future Scope

Expand support for binary data encryption (e.g., EncryptDecryptBinaryField).
Provide integration with Django’s form fields for encrypted data input handling.
Enhance security features like automatic key rotation and encryption policies.
Provides support for different encryption algorithms (e.g., AES, Fernet, etc.).

Why This Project?

Built-in Security – Reduces reliance on third-party packages for encryption.
Seamless ORM Integration – Works like any other Django model field.
Data Protection – Helps developers comply with security regulations (e.g., GDPR, HIPAA).
Performance Optimized – Designed to balance security and efficiency.

Seeking Feedback & Mentorship

I’d love to collaborate with the Django community to refine this idea. Your feedback and guidance would be invaluable in shaping this proposal.

Proposal GitHub link will be made public based on positive responses from the Django mentors and community.

It is very important because

• we often need to store data in encrypted format and we do manual creating funtions for encrypt and decrypt but with this pass the data and type of encryption algo and you are good to go
• you can also pass the key from .env in this field in views.py if need which makes it perfect for flexible.
• i really want this feature in Django. If anyone interested in doing this together with me then reply me.
• And, i am also really looking forward to genuinely contribute to Django, So any guidence from mentors and experience developers will be helpful.