#6 attr_encrypted


Protecting your data within your database has never been easier. With attr_encrypted, you can easily add a level of security to your application without much refactoring.
rails security 4:11


Gemfile
  gem 'attr_encrypted'

bash
  rails g migration add_message_to_users encrypted_message

user.rb
  attr_encrypted :message, key: 'a secret key'

  <%= simple_form_for(@user) do |f| %>
    <%= f.error_notification %>

    <div class="form-inputs">
      <%= f.input :first_name %>
      <%= f.input :last_name %>
      <%= f.input :message %>
    </div>

    <div class="form-actions">
      <%= f.button :submit %>
    </div>
  <% end %>

Schwad said almost 3 years ago on attr_encrypted :

I *really* enjoyed this screencast, and can't wait to try out this gem on my next app! Keep up the good work and thanks again!

volker said almost 3 years ago on attr_encrypted :

Hi there,

thanks a lot for the great series, especially for this episode, which led me to trying out this gem.

With my tests, I am running into problems. I am trying to encrypt the safeword of my user model.

class User < ApplicationRecord
  attr_encrypted :safeword,
                 key: Rails.application.secrets.attr_encrypted_key,
                 encode: true,
                 encode_iv: true,
                 encode_salt: true
end

The new standard of attr_encrypted needs an iv_column for the encrypted field. So my fixtures like:

  name: SterlingArcher
  password_digest: <%= User.digest('password') %>
  safeword: safeword

fail with a "table "user" has no column named "safeword"" error.

I would like to replace "safeword" with

encrypted_safeword: <%= User.encrypt_safeword('safeword', key: Rails.application.secrets.attr_encrypted_key) %>

But how do I set the required "encrypted_safeword_iv" field? How do I calculate the iv value?

Any help is very appreciated!

Thanks a lot!
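
On the IV question in the comment above, as an added sketch that is not part of that comment and not attr_encrypted's own code: an IV is not calculated from the value, it is fresh random bytes generated for each record and stored next to the ciphertext. The sketch uses Ruby's OpenSSL directly and assumes AES-256-GCM, base64-encoded columns and a 32-byte key; the helper names `encrypt_attribute` and `decrypt_attribute` are hypothetical.

```ruby
require 'openssl'

# Assumptions (not from the page): AES-256-GCM, a fresh random IV per record,
# and base64 text columns named encrypted_safeword / encrypted_safeword_iv.
ALGORITHM = 'aes-256-gcm'
TAG_BYTES = 16

# Build the pair of column values for one record.
def encrypt_attribute(plaintext, key)
  # A passphrase such as 'a secret key' is not a 32-byte AES-256 key.
  raise ArgumentError, 'key must be exactly 32 bytes' unless key.bytesize == 32

  cipher = OpenSSL::Cipher.new(ALGORITHM).encrypt
  cipher.key = key
  iv = cipher.random_iv # random, generated here; never computed from the data
  cipher.auth_data = ''
  sealed = cipher.update(plaintext) + cipher.final + cipher.auth_tag
  { encrypted_safeword: [sealed].pack('m0'), encrypted_safeword_iv: [iv].pack('m0') }
end

# Reverse the operation; raises OpenSSL::Cipher::CipherError if the key is
# wrong or the stored ciphertext or IV was modified.
def decrypt_attribute(row, key)
  sealed = row[:encrypted_safeword].unpack1('m0')
  decipher = OpenSSL::Cipher.new(ALGORITHM).decrypt
  decipher.key = key
  decipher.iv = row[:encrypted_safeword_iv].unpack1('m0')
  decipher.auth_tag = sealed[-TAG_BYTES..]
  decipher.auth_data = ''
  plain = decipher.update(sealed[0...-TAG_BYTES]) + decipher.final
  plain.force_encoding('UTF-8')
end

if __FILE__ == $PROGRAM_NAME
  demo_key = OpenSSL::Random.random_bytes(32) # constructed key for the demo only
  row = encrypt_attribute('safeword', demo_key)
  puts row
  puts decrypt_attribute(row, demo_key)
end
```

Whether the gem accepts values produced this way depends on the algorithm and encoding it is configured with.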



chabgood said over 1 year ago on attr_encrypted :

I have a rails 5 app that is an API, I am getting this error:
It was working fine before I added the gem.
ActiveRecord::StatementInvalid (Mysql2::Error: Unknown column 'disclosure_forms.name' in 'where clause': SELECT disclosure_forms.* FROM disclosure_forms WHERE disclosure_forms.name = 'Chris Habgood' LIMIT 1):
