Add and document reencrypt_fields command

2025-03-21 15:58:52 +01:00 · 2025-03-21 15:58:52 +01:00 · 4e603246f7
commit 4e603246f7
parent 899bffb974
5 changed files with 41 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@ -5,10 +5,13 @@
 SERVALA_ENVIRONMENT='development'

 # Set SERVALA_PREVIOUS_SECRET_KEY when rotating to a new secret key in order to not expire all sessions and to remain able to read encrypted fields!
+# In order to retire the previous key, run the ``reencrypt_fields`` command. Once you drop the previous secret key from
+# the rotation, all sessions that still rely on that key will be invalidated (i.e., users will have to log in again).
 # SERVALA_PREVIOUS_SECRET_KEY=''
 SERVALA_SECRET_KEY='django-insecure-8sl^1&1f-$3%w7cf)q(rcvi4jo(#s3ug-@be0ooc2ioep*&%7@'

 # Set SERVALA_PREVIOUS_SALT_KEY when rotating to a new salt in order to remain able to read encrypted fields!
+# In order to retire the previous key, run the ``reencrypt_fields`` command.
 # SERVALA_PREVIOUS_SALT_KEY=''
 SERVALA_SALT_KEY='eed6UaCi3euZojai5Iequ8ochookun1o'