If you're storing any sensitive data such as API Keys, or personal data you should probably be encrypting it within your database. A fantastic gem to do this with is lockbox.
While the best defence against losing sensitive data is to not save it in the first place, you may have a scenerio where you require it later on. From this perspective, it's ideal to make sure you make it as hard for the evil people as possible.
Examples of data you might want to consider encrypting are:
- API Credentials, for example the tokens you receive from an OAuth request.
- Email & Postal Address
- Personally Identifiable Information (PII)
Start by generating a key using
Lockbox.generate_key, store the results as the ENV
# .env LOCKBOX_MASTER_KEY="Generate with Lockbox.generate_key"
Create a migration for the field you'd like to encrypt. Once you've decided on the accessor, append
_ciphertext to that name.
class AddApiKeyCiphertextToPosts < ActiveRecord::Migration[6.1] def change add_column :posts, :api_key_ciphertext, :text end end
Lastly, use the
encrypts magic within your model to give you a setter & getter which stores its value in that
*_ciphertext column as an encrypted value.
# app/models/post.rb class Post < ApplicationRecord # Stored in api_key_ciphertext but encrypted 🤯 encrypts :api_key end