column_cryptor is a gem that makes it easy to encrypt/decrypt ActiveRecord columns using a private key. If you need to store some sensitive information in your database, then this makes it easy to keep it encrypted.
column_cryptor is NOT a good solution for something like credit card information. Do everyone a favor and use a vault-like service. Instead, use column_cryptor to encrypt a user's phone number or other one-off bits of information you'd like to keep secret.
Add to your Gemfile:
Next, use the generator to create an initializer with a random private key:
rails generate column_cryptor:install
This will create a file called config/initializers/column_cryptor.rb that looks something like:
ColumnCryptor.private_key = "ssWII/MrFX8EmHMjG/5+un0mnYF5UeG2k7ajSjaKayU=\n"
Those random characters represent a Base64-encoded private key suitable for encrypting and decrypting data using column_cryptor. It's recommended that you move that private key somewhere outside your code, such as to a YAML file or an environment variable. Just be sure to set ColumnCryptor.private_key to your key.
Encrypting some data
Once installed, you can then encrypt an ActiveRecord column like so:
class User < ActiveRecord::Base
  encrypts :phone_number
end
Getters and setters will be created for each column, automatically encrypting/decrypting
Generating a new private key
You can create a new private key using the
This will return a Base64-encoded string representing a random private key. Be sure to leave it as-is (with the new-line at the end!) or ColumnCryptor won't know what to do with it.
Note that once you've started using a private key, if you ever lose it, all of your encrypted data will be lost with it. You also can't change your private key on the fly: you would need to first decrypt all of your data and then re-encrypt with your new private key.
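One way to follow the advice above about keeping the key in an environment variable while preserving the trailing new-line, as an added example that is not part of column_cryptor itself. The helper name, the variable name COLUMN_CRYPTOR_PRIVATE_KEY and the 32-byte length check (taken from the length of the sample key shown earlier) are assumptions.

```ruby
require "base64"

# Hypothetical helper, not provided by the gem: reads the key from the
# environment, validates it, and returns it in the form the generator writes
# (Base64 text followed by a single new-line).
KEY_ENV_VAR = "COLUMN_CRYPTOR_PRIVATE_KEY" # assumed variable name
KEY_BYTES   = 32 # assumption: decoded length of the README's sample key

def load_column_cryptor_key(env = ENV, var: KEY_ENV_VAR, bytes: KEY_BYTES)
  raw = env[var]
  # Fail at boot rather than on the first read of an encrypted column.
  raise KeyError, "#{var} is not set" if raw.nil? || raw.strip.empty?

  # Secret stores and shells often strip the trailing new-line or keep it as
  # the two literal characters backslash-n; normalise both cases.
  body = raw.gsub("\\n", "").strip

  begin
    decoded = Base64.strict_decode64(body)
  rescue ArgumentError
    # Error messages name the variable only, never the key material.
    raise ArgumentError, "#{var} is not valid Base64"
  end

  unless decoded.bytesize == bytes
    raise ArgumentError,
          "#{var} decodes to #{decoded.bytesize} bytes, expected #{bytes}"
  end

  "#{body}\n" # restore the new-line the README says must be kept
end

# In config/initializers/column_cryptor.rb (skipped when the gem is absent):
ColumnCryptor.private_key = load_column_cryptor_key if defined?(ColumnCryptor)
```

Because the helper raises when the variable is missing or malformed, a deployment with a wrong or truncated key stops at startup instead of writing data under a key you cannot reproduce.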
column_cryptor requires Ruby 1.9+, and Rails 3.0 or later. The tests are written with Test::Unit and shoulda.
column_cryptor is written by Ryan Twomey and Costa Walcott, and is Copyright 2012 SCVNGR, Inc. It is free software, and may be redistributed under the terms specified in the MIT-LICENSE file.