Forem

Caleb Hearth
Caleb Hearth

Posted on • Originally published at calebhearth.com on

Decryption/CypherError on Rails 7.1 Apps with Encrypted Columns After Upgrading from Previous Versions

When upgrading to Rails 7.1 with any models using the encrypts macro from ActiveRecord::Encryption, be wary of upgrading the config.load_defaults in config/application.rb from 7.0 to 7.1. The 7.1 defaults for ActiveRecord::Encryption include a combination of settings that can lead to your app being unable to decrypt data that it previously encrypted:

active_record.encryption.hash_digest_class = OpenSSL::Digest::SHA256 active_record.encryption.support_sha1_for_non_deterministic_encryption = false 
Enter fullscreen mode Exit fullscreen mode

While the exception backtrace will probably include lines from your app, they won’t be helpful in identifying or resolving the issue except that you might notice that they include the getter method for a database column that you’ve defined with encrypts. You’ll see an error with a backtrace ending something like:

.../encryptor.rb:58:in `rescue in decrypt': ActiveRecord::Encryption::Errors::Decryption (ActiveRecord::Encryption::Errors::Decryption) .../cipher/aes256_gcm.rb:79:in `rescue in...
Enter fullscreen mode Exit fullscreen mode

Read More

Do your career a big favor. Join DEV. (The website you're on right now)

It takes one minute, it's free, and is worth it for your career.

Get started

Community matters

Top comments (0)

👋 Kindness is contagious

Dive into an ocean of knowledge with this thought-provoking post, revered deeply within the supportive DEV Community. Developers of all levels are welcome to join and enhance our collective intelligence.

Saying a simple "thank you" can brighten someone's day. Share your gratitude in the comments below!

On DEV, sharing ideas eases our path and fortifies our community connections. Found this helpful? Sending a quick thanks to the author can be profoundly valued.

Okay