Update docs active record encryption (in Rotating keys section) #42542
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Honestly, I am not sure this is was expected or bug, but.
When I tried to implement the rotating keys of the Active record encryption using the edge Rails (Github main branch), I found that Rails using the last primary keys rather first one when encrypts the new content.
I try to reproduce this step-by-step in this bellow:
First, I am generating the active record encryption keys:
Then, creating the article model:
Then, add the config to see the related references key in the database:
Then, I try to add some records:
Seems like, the key was for the records was
YmM2Mg==
.And then, I tried to rotate the key, followed the docs I add the new key in the first place, like this:
And try to create the new article:
And the references key still the same, that is "YmM2Mg==", so I try to switch the position to this:
And, then try to create new record:
It works as expected, the reference key was changed to
Mjc2OA==
from the old one (YmM2Mg==
).So, because of that I assumed active record encryption using the last key for encrypts the new content instead of the first one.
But, again I am not sure this is just for a typo in docs or this is a bugs, so feel free to decline the PR ya :)
Thank you.
Other Information
None.