attr_encrypted

#6 attr_encrypted
7/26/2015

Summary

Protecting your data within your database has never been easier. With attr_encrypted, you can easily add a level of security to your application without much refactoring.
rails security 4:11 min

Summary

Gemfile

  gem 'attr_encrypted'

bash

  rails g migration add_message_to_users encrypted_message

user.rb

  attr_encrypted :message, key: 'a secret key'

  <%= simple_form_for(@user) do |f| %>
    <%= f.error_notification %>

    <div class="form-inputs">
      <%= f.input :first_name %>
      <%= f.input :last_name %>
      <%= f.input :message %>
    </div>

    <div class="form-actions">
      <%= f.button :submit %>
    </div>
  <% end %>

Schwad said 6 months ago:

I *really* enjoyed this screencast, and can't wait to try out this gem on my next app! Keep up the good work and thanks again!

volker said 4 months ago:

Hi there,

thanks a lot for the great series, especially for this episode, which led me to try out this gem.

With my tests, I am running into problems. I am trying to encrypt the safeword of my user model.

class User < ApplicationRecord
  # ...
  attr_encrypted :safeword,
                 key: Rails.application.secrets.attr_encrypted_key,
                 encode: true,
                 encode_iv: true,
                 encode_salt: true
  # ...
end


The new standard of attr_encrypted needs an iv_column for the encrypted field. So my fixtures like:

user.yml
archer:
  name: SterlingArcher
  password_digest: <%= User.digest('password') %>
  safeword: safeword

fail with a "table "user" has no column named "safeword"" error.

I would like to replace "safeword" with

encrypted_safeword: <%= User.encrypt_safeword('safeword', key: Rails.application.secrets.attr_encrypted_key) %>

But how do I set the required "encrypted_safeword_iv" field? How do I calculate the iv value?

Any help is much appreciated!

Thanks a lot!

Cheers,

Volker
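
On the IV question raised in the comment above, an added example that is not part of the original page, the comment, or attr_encrypted's own code: the IV is not calculated from anything, it is a fresh random value generated at encryption time and stored next to the ciphertext so the row can be decrypted later. The helper names, the test key, and the assumed storage layout (Base64 of the AES-256-GCM ciphertext with the 16-byte tag appended, Base64 of a 12-byte IV) are assumptions to check against the gem version in use.

```ruby
require 'openssl'

# Hypothetical helper (not attr_encrypted API): encrypt one value with
# AES-256-GCM under a fresh random IV and return both column values.
def encrypt_for_fixture(plaintext, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv # 12 random bytes, generated and set on the cipher
  ciphertext = cipher.update(plaintext) + cipher.final
  # Assumed layout: ciphertext followed by the 16-byte GCM auth tag.
  # 'm0' is Base64 without line breaks, which keeps YAML fixtures tidy.
  { encrypted: [ciphertext + cipher.auth_tag].pack('m0'),
    iv:        [iv].pack('m0') }
end

# Reverses encrypt_for_fixture. Raises OpenSSL::Cipher::CipherError when
# the key, IV, ciphertext or tag do not belong together.
def decrypt_from_fixture(columns, key)
  raw = columns[:encrypted].unpack1('m0')
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.decrypt
  cipher.key = key
  cipher.iv = columns[:iv].unpack1('m0')
  cipher.auth_tag = raw[-16, 16]
  cipher.update(raw[0...-16]) + cipher.final
end

# Constructed 32-byte test key; a real key comes from the app's secrets
# and is never committed with the fixtures.
TEST_KEY = ('k' * 32).b

if __FILE__ == $PROGRAM_NAME
  row = encrypt_for_fixture('safeword', TEST_KEY)
  puts "encrypted_safeword: #{row[:encrypted]}"
  puts "encrypted_safeword_iv: #{row[:iv]}"
  puts "round trip: #{decrypt_from_fixture(row, TEST_KEY)}"
end
```

Both fixture columns must come from the same call, because a ciphertext only authenticates and decrypts under the IV it was produced with.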





