Feasibility of modifying PostgreSQL ORM/Driver to integrate CipherStash for in use data encryption #92
-
I am exploring the potential of integrating CipherStash into DjangoCRM. CipherStash enables in-use encryption by modifying database queries using EQL and eqlpy to encrypt/decrypt data transparently. Since Django CRM supports PostgreSQL as its database, I am curious about the feasibility and effort required to modify the ORM or PostgreSQL driver to achieve this. Here are some key points I am considering:
Any insights, suggestions, or references to similar projects would be greatly appreciated. I’d love to hear about potential pitfalls, architectural considerations, or best practices for this kind of integration. Thank you in advance for your guidance! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
@calvinbrewer I imagine you're somewhat well informed about how psycopg works 😁. Django makes use of it via the django.db.backends.postgresql engine. I would imagine that an effort to integrate with Django, or any projects on the Django platform, would likely begin with overriding the Direct integration with DjangoCRM is probably not what you're really after, as that'd expose CipherStash to one project instead of the much larger Django ecosystem. I hope this helps even a little, and best of luck to you! |
Beta Was this translation helpful? Give feedback.
-
Thanks @rgs258 - I appreciate the insight and the example you shared, it’s very helpful! You’re right, targeting the Django ecosystem more broadly is definitely our intent, but wanted to see if anyone here had a particular use case. Overriding django.db.backends.postgresql looks like a solid starting point, and I’ll dig into the django_prometheus example to see how we might adapt it for CipherStash. Thanks again for the direction! |
Beta Was this translation helpful? Give feedback.
@calvinbrewer I imagine you're somewhat well informed about how psycopg works 😁. Django makes use of it via the django.db.backends.postgresql engine. I would imagine that an effort to integrate with Django, or any projects on the Django platform, would likely begin with overriding the
django.db.backends.postgresql
engine such that data types are mapped, etc.. https://github.com/korfuri/django-prometheus/blob/master/django_prometheus/db/backends/postgresql/base.py is one example of such an override, albeit much more simplistic than you're after.Direct integration with DjangoCRM is probably not what you're really after, as that'd expose CipherStash to one project instead of the much larger…