Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SQLite3 support? #45

Closed
gworkman opened this issue Feb 13, 2023 · 1 comment
Closed

SQLite3 support? #45

gworkman opened this issue Feb 13, 2023 · 1 comment

Comments

@gworkman
Copy link

gworkman commented Feb 13, 2023
edited

Hi! This is an awesome library, I've integrated it into apps several times before without issues.

I'm in the middle of writing a blog post for how to integrate cloak and cloak_ecto into the Phoenix auth generators, to encrypt the user's email while data is at rest. In my previous attempts, I've always used PostgreSQL as my database. But recently, I've been using SQLite3 more since it is small, lightweight and easy to get set up.

However, I'm wondering if the library does not support the SQLite database adapter for some reason, or if I am not doing something obvious here - I'm getting the following error when trying to insert fields.

[error] GenServer #PID<0.610.0> terminating
** (Ecto.ChangeError) value `"me@example.com"` for `SecureApp.Accounts.User.email` in `insert` does not match type SecureApp.Encrypted.Binary
    (ecto 3.9.4) lib/ecto/repo/schema.ex:1010: Ecto.Repo.Schema.dump_field!/6
    (ecto 3.9.4) lib/ecto/repo/schema.ex:1019: anonymous fn/6 in Ecto.Repo.Schema.dump_fields!/5
    (stdlib 4.1.1) maps.erl:411: :maps.fold_1/3
    (ecto 3.9.4) lib/ecto/repo/schema.ex:1017: Ecto.Repo.Schema.dump_fields!/5
    (ecto 3.9.4) lib/ecto/repo/schema.ex:951: Ecto.Repo.Schema.dump_changes!/7
    (ecto 3.9.4) lib/ecto/repo/schema.ex:359: anonymous fn/15 in Ecto.Repo.Schema.do_insert/4
    (secure_app 0.1.0) lib/secure_app_web/live/user_registration_live.ex:54: SecureAppWeb.UserRegistrationLive.handle_event/3

I've set up and started the Vault module, as well as integrated the Binary and HMAC types:

defmodule SecureApp.Vault do
  use Cloak.Vault, otp_app: :secure_app
end

defmodule SecureApp.Encrypted.Binary do
  use Cloak.Ecto.Binary, vault: SecureApp.Vault
end

defmodule SecureApp.Hashed.HMAC do
  use Cloak.Ecto.HMAC, otp_app: :secure_app
end

The schema is as following:

  schema "users" do
    field :email, SecureApp.Encrypted.Binary
    field :email_hashed, SecureApp.Hashed.HMAC
    field :password, :string, virtual: true, redact: true
    field :hashed_password, :string, redact: true
    field :confirmed_at, :naive_datetime

    timestamps()
  end

I haven't gotten a chance to switch the database adapter over to Postgres yet, but that will be my next debugging step. Just wondering if I am missing something here?

The code (WIP) for the blog post is public, you can find it here. It is a very minimal working example of the error I am seeing.

Thanks!
@gworkman
Copy link
Author

Hmm I actually think I figured it out - it was a configuration issue.

The following is what is in the cheatsheet:

# config/runtime.exs
config :my_app, MyApp.MyVault,
    ciphers: [
      default: Cloak.Ciphers.AES.GCM, 
      tag: "AES.GCM.V1", 
      key: Base.decode64!("your-key-here"),
      iv_length: 12
    ]

However the documentation for Cloak.Vault module shows configuration as:

config :my_app, MyApp.Vault,
  json_library: Jason,
  ciphers: [
    default: {Cloak.Ciphers.AES.GCM, tag: "AES.GCM.V1", key: <<...>>}
  ]

(note the parameter for the keyword list of :default is a tuple in the second version)

I made a pull request to update the docs in the Cloak repo!
Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gworkman