Improving the Rails Guide around setting up Active Record Encryption
This commit is contained in:
parent
5415d3a19a
commit
2ccc2c2fe2
@ -29,7 +29,7 @@ But more importantly, by using Active Record Encryption, you define what constit
|
||||
|
||||
### Setup
|
||||
|
||||
First, you need to add some keys to your [Rails credentials](/security.html#custom-credentials). Run `bin/rails db:encryption:init` to generate a random key set:
|
||||
Run `bin/rails db:encryption:init` to generate a random key set:
|
||||
|
||||
```bash
|
||||
$ bin/rails db:encryption:init
|
||||
@ -41,6 +41,14 @@ active_record_encryption:
|
||||
key_derivation_salt: xEY0dt6TZcAMg52K7O84wYzkjvbA62Hz
|
||||
```
|
||||
|
||||
These values can be stored by copying and pasting the generated values into your existing [Rails credentials](/security.html#custom-credentials). Alternatively, these values can be configured from other sources, such as environment variables:
|
||||
|
||||
```ruby
|
||||
config.active_record.encryption.primary_key = ENV['ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY']
|
||||
config.active_record.encryption.deterministic_key = ENV['ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY']
|
||||
config.active_record.encryption.key_derivation_salt = ENV['ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT']
|
||||
```
|
||||
|
||||
NOTE: These generated values are 32 bytes in length. If you generate these yourself, the minimum lengths you should use are 12 bytes for the primary key (this will be used to derive the AES 32 bytes key) and 20 bytes for the salt.
|
||||
|
||||
### Declaration of Encrypted Attributes
|
||||
|
Loading…
Reference in New Issue
Block a user