1

I am planning to use python eve & cerberus to save some documents into a mongodb database. Some of this documents will have some sensible data (pseudo-passwords) which I do want to store encrypted.

I have thought that cerberus custom coercers is the perfect approach for this. However, I am not sure how to make cerberus persist data encrypted, and bring it back decrypted.

I have been looking for documentation, but I do not know if it is possible to specify when I do want to "encrypt" or "decrypt"

I would like something like:

def _normalize_coerce_encrypt_decrypt(self, encrypt=True, value):
        if encrypt:
            return encrypted(value)
        else:
            return decrypted(value)

Additional data

It is important that calling this coercer does not add extra normalizations such as add default values. I do only want to encrypt the fields, but let the rest of the document as it is

Is it possible to do something like this? How could I call this kind of coercer with this parameter?

Mayday
  • 4,680
  • 5
  • 24
  • 58
  • 1
    Have you checked eve hooks https://docs.python-eve.org/en/stable/features.html#event-hooks? You can use before_insert/update and on_fetched to encrypt/decrypt you data when saving and returning data from mongo. – gcw Jun 29 '20 at 11:26
  • Yes, I know about them, however, I do not want to need to read schema definition to find out which of these fields are "sensible" (I have this info in the schema currently). I feel like doing that would be not using the full power of cerberus & eve, if I have to parse whole schema myself for it – Mayday Jun 29 '20 at 11:31
  • Right, understood. As far as I known coerce only runs when storing data. – gcw Jun 29 '20 at 11:51

0 Answers0