How to store encrypted data?












0














I'm new to ruby on rails, and I'm developing an application that will have very sensitive data (api keys from other websites) and I need to store it encrypted in a db but without knowing them at any time.



Let me explain myself:




  1. The form asks the user for his api keys

  2. Encrypt them

  3. Store it in the db


The main question is, how do I encrypt them in such a way that I can use them later (still without knowing them)?



Sorry if the question is silly, but I can't find a way to do it, and thanks.






ruby-on-rails ruby ruby-on-rails-3 rubygems







share|improve this question
























  • medium.com/@getzired/…
    – Hardik Upadhyay
    Nov 16 at 9:56
















0














I'm new to ruby on rails, and I'm developing an application that will have very sensitive data (api keys from other websites) and I need to store it encrypted in a db but without knowing them at any time.



Let me explain myself:




  1. The form asks the user for his api keys

  2. Encrypt them

  3. Store it in the db


The main question is, how do I encrypt them in such a way that I can use them later (still without knowing them)?



Sorry if the question is silly, but I can't find a way to do it, and thanks.






ruby-on-rails ruby ruby-on-rails-3 rubygems







share|improve this question
























  • medium.com/@getzired/…
    – Hardik Upadhyay
    Nov 16 at 9:56














0












0








0







I'm new to ruby on rails, and I'm developing an application that will have very sensitive data (api keys from other websites) and I need to store it encrypted in a db but without knowing them at any time.



Let me explain myself:




  1. The form asks the user for his api keys

  2. Encrypt them

  3. Store it in the db


The main question is, how do I encrypt them in such a way that I can use them later (still without knowing them)?



Sorry if the question is silly, but I can't find a way to do it, and thanks.






ruby-on-rails ruby ruby-on-rails-3 rubygems







share|improve this question















I'm new to ruby on rails, and I'm developing an application that will have very sensitive data (api keys from other websites) and I need to store it encrypted in a db but without knowing them at any time.



Let me explain myself:




  1. The form asks the user for his api keys

  2. Encrypt them

  3. Store it in the db


The main question is, how do I encrypt them in such a way that I can use them later (still without knowing them)?



Sorry if the question is silly, but I can't find a way to do it, and thanks.






ruby-on-rails ruby ruby-on-rails-3 rubygems




ruby-on-rails ruby ruby-on-rails-3 rubygems






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 16 at 9:49









ProgrammerPer

477511




477511










asked Nov 16 at 9:38









Guillem Acero

82




82












  • medium.com/@getzired/…
    – Hardik Upadhyay
    Nov 16 at 9:56


















  • medium.com/@getzired/…
    – Hardik Upadhyay
    Nov 16 at 9:56
















medium.com/@getzired/…
– Hardik Upadhyay
Nov 16 at 9:56




medium.com/@getzired/…
– Hardik Upadhyay
Nov 16 at 9:56












2 Answers
2






active

oldest

votes


















1














I've used attr_encrypted for this. Works great.



  class User

    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'

  end


You then work with ssn as if it were a plain field



 user = User.find(1)

 puts user.ssn


but it's encrypted at rest (in the database) and can't be retrieved without the key.






share|improve this answer





























    0














    def encrypt text
    
  text = text.to_s unless text.is_a? String
    

    
  len   = ActiveSupport::MessageEncryptor.key_len
    
  salt  = SecureRandom.hex len
    
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
    
  crypt = ActiveSupport::MessageEncryptor.new key
    
  encrypted_data = crypt.encrypt_and_sign text
    
  "#{salt}$$#{encrypted_data}"
    
end
    

    
def decrypt text
    
  salt, data = text.split "$$"
    

    
  len   = ActiveSupport::MessageEncryptor.key_len
    
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
    
  crypt = ActiveSupport::MessageEncryptor.new key
    
  crypt.decrypt_and_verify data
    
end


    Pass the key to encrypt method and store the returned encrypted value in DB.
    Then to decrypt pass the encrypted key to the decrypt method.



    This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



    The original source for the answer is here






    share|improve this answer























    • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
      – Sergio Tulentsev
      Nov 16 at 10:03










    • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
      – Sergio Tulentsev
      Nov 16 at 10:04










    • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
      – Abhilash Reddy
      Nov 16 at 10:12










    • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
      – Sergio Tulentsev
      Nov 16 at 10:14








    • 1




      Sorry I was thinking of something else! You're correct both does the similar job!!
      – Abhilash Reddy
      Nov 16 at 10:18











    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53335066%2fhow-to-store-encrypted-data%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    I've used attr_encrypted for this. Works great.



      class User
    
    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
    
  end


    You then work with ssn as if it were a plain field



     user = User.find(1)
    
 puts user.ssn


    but it's encrypted at rest (in the database) and can't be retrieved without the key.






    share|improve this answer


























      1














      I've used attr_encrypted for this. Works great.



        class User
      
    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
      
  end


      You then work with ssn as if it were a plain field



       user = User.find(1)
      
 puts user.ssn


      but it's encrypted at rest (in the database) and can't be retrieved without the key.






      share|improve this answer
























        1












        1








        1






        I've used attr_encrypted for this. Works great.



          class User
        
    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
        
  end


        You then work with ssn as if it were a plain field



         user = User.find(1)
        
 puts user.ssn


        but it's encrypted at rest (in the database) and can't be retrieved without the key.






        share|improve this answer












        I've used attr_encrypted for this. Works great.



          class User
        
    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
        
  end


        You then work with ssn as if it were a plain field



         user = User.find(1)
        
 puts user.ssn


        but it's encrypted at rest (in the database) and can't be retrieved without the key.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 16 at 9:51









        Sergio Tulentsev

        179k30289304




        179k30289304

























            0














            def encrypt text
            
  text = text.to_s unless text.is_a? String
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  salt  = SecureRandom.hex len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  encrypted_data = crypt.encrypt_and_sign text
            
  "#{salt}$$#{encrypted_data}"
            
end
            

            
def decrypt text
            
  salt, data = text.split "$$"
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  crypt.decrypt_and_verify data
            
end


            Pass the key to encrypt method and store the returned encrypted value in DB.
            Then to decrypt pass the encrypted key to the decrypt method.



            This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



            The original source for the answer is here






            share|improve this answer























            • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
              – Sergio Tulentsev
              Nov 16 at 10:03










            • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
              – Sergio Tulentsev
              Nov 16 at 10:04










            • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
              – Abhilash Reddy
              Nov 16 at 10:12










            • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
              – Sergio Tulentsev
              Nov 16 at 10:14








            • 1




              Sorry I was thinking of something else! You're correct both does the similar job!!
              – Abhilash Reddy
              Nov 16 at 10:18
















            0














            def encrypt text
            
  text = text.to_s unless text.is_a? String
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  salt  = SecureRandom.hex len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  encrypted_data = crypt.encrypt_and_sign text
            
  "#{salt}$$#{encrypted_data}"
            
end
            

            
def decrypt text
            
  salt, data = text.split "$$"
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  crypt.decrypt_and_verify data
            
end


            Pass the key to encrypt method and store the returned encrypted value in DB.
            Then to decrypt pass the encrypted key to the decrypt method.



            This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



            The original source for the answer is here






            share|improve this answer























            • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
              – Sergio Tulentsev
              Nov 16 at 10:03










            • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
              – Sergio Tulentsev
              Nov 16 at 10:04










            • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
              – Abhilash Reddy
              Nov 16 at 10:12










            • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
              – Sergio Tulentsev
              Nov 16 at 10:14








            • 1




              Sorry I was thinking of something else! You're correct both does the similar job!!
              – Abhilash Reddy
              Nov 16 at 10:18














            0












            0








            0






            def encrypt text
            
  text = text.to_s unless text.is_a? String
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  salt  = SecureRandom.hex len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  encrypted_data = crypt.encrypt_and_sign text
            
  "#{salt}$$#{encrypted_data}"
            
end
            

            
def decrypt text
            
  salt, data = text.split "$$"
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  crypt.decrypt_and_verify data
            
end


            Pass the key to encrypt method and store the returned encrypted value in DB.
            Then to decrypt pass the encrypted key to the decrypt method.



            This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



            The original source for the answer is here






            share|improve this answer














            def encrypt text
            
  text = text.to_s unless text.is_a? String
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  salt  = SecureRandom.hex len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  encrypted_data = crypt.encrypt_and_sign text
            
  "#{salt}$$#{encrypted_data}"
            
end
            

            
def decrypt text
            
  salt, data = text.split "$$"
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  crypt.decrypt_and_verify data
            
end


            Pass the key to encrypt method and store the returned encrypted value in DB.
            Then to decrypt pass the encrypted key to the decrypt method.



            This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



            The original source for the answer is here







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 16 at 10:07









            Sergio Tulentsev

            179k30289304




            179k30289304










            answered Nov 16 at 10:00









            Abhilash Reddy

            1,1301618




            1,1301618












            • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
              – Sergio Tulentsev
              Nov 16 at 10:03










            • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
              – Sergio Tulentsev
              Nov 16 at 10:04










            • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
              – Abhilash Reddy
              Nov 16 at 10:12










            • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
              – Sergio Tulentsev
              Nov 16 at 10:14








            • 1




              Sorry I was thinking of something else! You're correct both does the similar job!!
              – Abhilash Reddy
              Nov 16 at 10:18


















            • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
              – Sergio Tulentsev
              Nov 16 at 10:03










            • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
              – Sergio Tulentsev
              Nov 16 at 10:04










            • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
              – Abhilash Reddy
              Nov 16 at 10:12










            • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
              – Sergio Tulentsev
              Nov 16 at 10:14








            • 1




              Sorry I was thinking of something else! You're correct both does the similar job!!
              – Abhilash Reddy
              Nov 16 at 10:18
















            Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
            – Sergio Tulentsev
            Nov 16 at 10:03




            Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
            – Sergio Tulentsev
            Nov 16 at 10:03












            That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
            – Sergio Tulentsev
            Nov 16 at 10:04




            That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
            – Sergio Tulentsev
            Nov 16 at 10:04












            Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
            – Abhilash Reddy
            Nov 16 at 10:12




            Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
            – Abhilash Reddy
            Nov 16 at 10:12












            Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
            – Sergio Tulentsev
            Nov 16 at 10:14






            Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
            – Sergio Tulentsev
            Nov 16 at 10:14






            1




            1




            Sorry I was thinking of something else! You're correct both does the similar job!!
            – Abhilash Reddy
            Nov 16 at 10:18




            Sorry I was thinking of something else! You're correct both does the similar job!!
            – Abhilash Reddy
            Nov 16 at 10:18


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53335066%2fhow-to-store-encrypted-data%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Biblatex bibliography style without URLs when DOI exists (in Overleaf with Zotero bibliography)

            Image
            2 2 I have a Zotero bibliography in Overleaf. I use biblatex . usepackage[backend=biber,citestyle=authoryear]{biblatex} addbibresource{zoteroALH.bib} Bibliography entries look like: @book{de_saint-gervais_uniformization_2016, title = {Uniformization of {Riemann} {Surfaces}}, isbn = {978-3-03719-145-3}, url = {https://www.ems-ph.org/books/book.php?proj_nr=198&srch=series%7Chem}, urldate = {2019-02-03}, author = {de Saint-Gervais, Paul Henri}, year = {2016}, doi = {10.4171/145} } In the bibliography down the paper the reference shows like this: There is the DOI, great, but also the URL which is unnecessary when the DOI is there. How can I remove the URL when the DOI is present? biblatex bibliographies overleaf zote
            Read more

            ComboBox Display Member on multiple fields

            Image
            2 I'm trying to set the .DisplayMember property of a ComboBox in C#, but I want to bind it to multiple columns in the .DataSouce . My SQL looks like this: SELECT PersNbr, PersFirstName, PersMiddleName, PersLastName FROM Pers WHERE PersNbr = :persNbr; I'm saving this query in a DataTable so each column selected has it's own column in the Datatable . I want to make the .DisplayMember a combination of PersFirstName + PersMiddleName + PersLastName so their full name appears like this: comboBox.DisplayMemeber = "PersFirstName" + "PersMiddleName" + "PersLastName" I know I can just to this on the query: SELECT PersNbr, (PersFirstName || PersMiddleName || PersLastName) PersName and then just do this: comboBox.DisplayMember = "PersName"; but I
            Read more

            Is it possible to collect Nectar points via Trainline?

            Image
            2 Since I am not eligible for any Railcard, the only available discount/bonus scheme is Nectar Card for me. GWR, SWR, LNER and Virgin Trains allow to collect Nectar points and I have already linked a card to my GWR account. A friend suggested me to use Trainline App, because it can search for bus tickets either. I had a look at the application, but could not see any option for Nectar. Is there a way to collect Nectar points when I buy tickets via Trainline? uk trains loyalty-programs trainline share | improve this question asked Dec 2 '18 at 15:50 ahmedus 3,224 5 19 49
            Read more