How to store encrypted data?












0














I'm new to ruby on rails, and I'm developing an application that will have very sensitive data (api keys from other websites) and I need to store it encrypted in a db but without knowing them at any time.



Let me explain myself:




  1. The form asks the user for his api keys

  2. Encrypt them

  3. Store it in the db


The main question is, how do I encrypt them in such a way that I can use them later (still without knowing them)?



Sorry if the question is silly, but I can't find a way to do it, and thanks.






ruby-on-rails ruby ruby-on-rails-3 rubygems







share|improve this question
























  • medium.com/@getzired/…
    – Hardik Upadhyay
    Nov 16 at 9:56
















0














I'm new to ruby on rails, and I'm developing an application that will have very sensitive data (api keys from other websites) and I need to store it encrypted in a db but without knowing them at any time.



Let me explain myself:




  1. The form asks the user for his api keys

  2. Encrypt them

  3. Store it in the db


The main question is, how do I encrypt them in such a way that I can use them later (still without knowing them)?



Sorry if the question is silly, but I can't find a way to do it, and thanks.






ruby-on-rails ruby ruby-on-rails-3 rubygems







share|improve this question
























  • medium.com/@getzired/…
    – Hardik Upadhyay
    Nov 16 at 9:56














0












0








0







I'm new to ruby on rails, and I'm developing an application that will have very sensitive data (api keys from other websites) and I need to store it encrypted in a db but without knowing them at any time.



Let me explain myself:




  1. The form asks the user for his api keys

  2. Encrypt them

  3. Store it in the db


The main question is, how do I encrypt them in such a way that I can use them later (still without knowing them)?



Sorry if the question is silly, but I can't find a way to do it, and thanks.






ruby-on-rails ruby ruby-on-rails-3 rubygems







share|improve this question















I'm new to ruby on rails, and I'm developing an application that will have very sensitive data (api keys from other websites) and I need to store it encrypted in a db but without knowing them at any time.



Let me explain myself:




  1. The form asks the user for his api keys

  2. Encrypt them

  3. Store it in the db


The main question is, how do I encrypt them in such a way that I can use them later (still without knowing them)?



Sorry if the question is silly, but I can't find a way to do it, and thanks.






ruby-on-rails ruby ruby-on-rails-3 rubygems




ruby-on-rails ruby ruby-on-rails-3 rubygems






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 16 at 9:49









ProgrammerPer

477511




477511










asked Nov 16 at 9:38









Guillem Acero

82




82












  • medium.com/@getzired/…
    – Hardik Upadhyay
    Nov 16 at 9:56


















  • medium.com/@getzired/…
    – Hardik Upadhyay
    Nov 16 at 9:56
















medium.com/@getzired/…
– Hardik Upadhyay
Nov 16 at 9:56




medium.com/@getzired/…
– Hardik Upadhyay
Nov 16 at 9:56












2 Answers
2






active

oldest

votes


















1














I've used attr_encrypted for this. Works great.



  class User

    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'

  end


You then work with ssn as if it were a plain field



 user = User.find(1)

 puts user.ssn


but it's encrypted at rest (in the database) and can't be retrieved without the key.






share|improve this answer





























    0














    def encrypt text
    
  text = text.to_s unless text.is_a? String
    

    
  len   = ActiveSupport::MessageEncryptor.key_len
    
  salt  = SecureRandom.hex len
    
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
    
  crypt = ActiveSupport::MessageEncryptor.new key
    
  encrypted_data = crypt.encrypt_and_sign text
    
  "#{salt}$$#{encrypted_data}"
    
end
    

    
def decrypt text
    
  salt, data = text.split "$$"
    

    
  len   = ActiveSupport::MessageEncryptor.key_len
    
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
    
  crypt = ActiveSupport::MessageEncryptor.new key
    
  crypt.decrypt_and_verify data
    
end


    Pass the key to encrypt method and store the returned encrypted value in DB.
    Then to decrypt pass the encrypted key to the decrypt method.



    This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



    The original source for the answer is here






    share|improve this answer























    • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
      – Sergio Tulentsev
      Nov 16 at 10:03










    • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
      – Sergio Tulentsev
      Nov 16 at 10:04










    • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
      – Abhilash Reddy
      Nov 16 at 10:12










    • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
      – Sergio Tulentsev
      Nov 16 at 10:14








    • 1




      Sorry I was thinking of something else! You're correct both does the similar job!!
      – Abhilash Reddy
      Nov 16 at 10:18











    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53335066%2fhow-to-store-encrypted-data%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    I've used attr_encrypted for this. Works great.



      class User
    
    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
    
  end


    You then work with ssn as if it were a plain field



     user = User.find(1)
    
 puts user.ssn


    but it's encrypted at rest (in the database) and can't be retrieved without the key.






    share|improve this answer


























      1














      I've used attr_encrypted for this. Works great.



        class User
      
    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
      
  end


      You then work with ssn as if it were a plain field



       user = User.find(1)
      
 puts user.ssn


      but it's encrypted at rest (in the database) and can't be retrieved without the key.






      share|improve this answer
























        1












        1








        1






        I've used attr_encrypted for this. Works great.



          class User
        
    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
        
  end


        You then work with ssn as if it were a plain field



         user = User.find(1)
        
 puts user.ssn


        but it's encrypted at rest (in the database) and can't be retrieved without the key.






        share|improve this answer












        I've used attr_encrypted for this. Works great.



          class User
        
    attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
        
  end


        You then work with ssn as if it were a plain field



         user = User.find(1)
        
 puts user.ssn


        but it's encrypted at rest (in the database) and can't be retrieved without the key.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 16 at 9:51









        Sergio Tulentsev

        179k30289304




        179k30289304

























            0














            def encrypt text
            
  text = text.to_s unless text.is_a? String
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  salt  = SecureRandom.hex len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  encrypted_data = crypt.encrypt_and_sign text
            
  "#{salt}$$#{encrypted_data}"
            
end
            

            
def decrypt text
            
  salt, data = text.split "$$"
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  crypt.decrypt_and_verify data
            
end


            Pass the key to encrypt method and store the returned encrypted value in DB.
            Then to decrypt pass the encrypted key to the decrypt method.



            This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



            The original source for the answer is here






            share|improve this answer























            • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
              – Sergio Tulentsev
              Nov 16 at 10:03










            • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
              – Sergio Tulentsev
              Nov 16 at 10:04










            • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
              – Abhilash Reddy
              Nov 16 at 10:12










            • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
              – Sergio Tulentsev
              Nov 16 at 10:14








            • 1




              Sorry I was thinking of something else! You're correct both does the similar job!!
              – Abhilash Reddy
              Nov 16 at 10:18
















            0














            def encrypt text
            
  text = text.to_s unless text.is_a? String
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  salt  = SecureRandom.hex len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  encrypted_data = crypt.encrypt_and_sign text
            
  "#{salt}$$#{encrypted_data}"
            
end
            

            
def decrypt text
            
  salt, data = text.split "$$"
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  crypt.decrypt_and_verify data
            
end


            Pass the key to encrypt method and store the returned encrypted value in DB.
            Then to decrypt pass the encrypted key to the decrypt method.



            This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



            The original source for the answer is here






            share|improve this answer























            • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
              – Sergio Tulentsev
              Nov 16 at 10:03










            • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
              – Sergio Tulentsev
              Nov 16 at 10:04










            • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
              – Abhilash Reddy
              Nov 16 at 10:12










            • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
              – Sergio Tulentsev
              Nov 16 at 10:14








            • 1




              Sorry I was thinking of something else! You're correct both does the similar job!!
              – Abhilash Reddy
              Nov 16 at 10:18














            0












            0








            0






            def encrypt text
            
  text = text.to_s unless text.is_a? String
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  salt  = SecureRandom.hex len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  encrypted_data = crypt.encrypt_and_sign text
            
  "#{salt}$$#{encrypted_data}"
            
end
            

            
def decrypt text
            
  salt, data = text.split "$$"
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  crypt.decrypt_and_verify data
            
end


            Pass the key to encrypt method and store the returned encrypted value in DB.
            Then to decrypt pass the encrypted key to the decrypt method.



            This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



            The original source for the answer is here






            share|improve this answer














            def encrypt text
            
  text = text.to_s unless text.is_a? String
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  salt  = SecureRandom.hex len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  encrypted_data = crypt.encrypt_and_sign text
            
  "#{salt}$$#{encrypted_data}"
            
end
            

            
def decrypt text
            
  salt, data = text.split "$$"
            

            
  len   = ActiveSupport::MessageEncryptor.key_len
            
  key   = ActiveSupport::KeyGenerator.new(Rails.application.secrets.secret_key_base).generate_key salt, len
            
  crypt = ActiveSupport::MessageEncryptor.new key
            
  crypt.decrypt_and_verify data
            
end


            Pass the key to encrypt method and store the returned encrypted value in DB.
            Then to decrypt pass the encrypted key to the decrypt method.



            This is assuming your Secret Key Base is in Rails.application.secrets.secret_key_base



            The original source for the answer is here







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 16 at 10:07









            Sergio Tulentsev

            179k30289304




            179k30289304










            answered Nov 16 at 10:00









            Abhilash Reddy

            1,1301618




            1,1301618












            • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
              – Sergio Tulentsev
              Nov 16 at 10:03










            • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
              – Sergio Tulentsev
              Nov 16 at 10:04










            • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
              – Abhilash Reddy
              Nov 16 at 10:12










            • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
              – Sergio Tulentsev
              Nov 16 at 10:14








            • 1




              Sorry I was thinking of something else! You're correct both does the similar job!!
              – Abhilash Reddy
              Nov 16 at 10:18


















            • Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
              – Sergio Tulentsev
              Nov 16 at 10:03










            • That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
              – Sergio Tulentsev
              Nov 16 at 10:04










            • Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
              – Abhilash Reddy
              Nov 16 at 10:12










            • Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
              – Sergio Tulentsev
              Nov 16 at 10:14








            • 1




              Sorry I was thinking of something else! You're correct both does the similar job!!
              – Abhilash Reddy
              Nov 16 at 10:18
















            Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
            – Sergio Tulentsev
            Nov 16 at 10:03




            Useful when you need to encrypt data in flight, but when one only needs to store it encrypted, then attr_encrypted offers much better effort/effect ratio, IMHO.
            – Sergio Tulentsev
            Nov 16 at 10:03












            That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
            – Sergio Tulentsev
            Nov 16 at 10:04




            That said, I have a feeling that MessageEncryptor will come in handy in my current task :)
            – Sergio Tulentsev
            Nov 16 at 10:04












            Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
            – Abhilash Reddy
            Nov 16 at 10:12




            Yes, if you wanted to save passwords then attr_encrypted can be handy. But if you want to save API keys MessageEncryptor will do the job. Both have their own use cases.
            – Abhilash Reddy
            Nov 16 at 10:12












            Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
            – Sergio Tulentsev
            Nov 16 at 10:14






            Hm? There's literally no difference between the two (when applied to saving data to the database). Except one abstracts the persistence and encryption and the other doesn't. Why would one prefer MessageEncryptor if their goal is to save encrypted data? It's just more work for no benefit at all.
            – Sergio Tulentsev
            Nov 16 at 10:14






            1




            1




            Sorry I was thinking of something else! You're correct both does the similar job!!
            – Abhilash Reddy
            Nov 16 at 10:18




            Sorry I was thinking of something else! You're correct both does the similar job!!
            – Abhilash Reddy
            Nov 16 at 10:18


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53335066%2fhow-to-store-encrypted-data%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to change which sound is reproduced for terminal bell?

            Image
            3 Recently upgrade to 18.10 from 18.04, and using the terminal is becoming annoying: the new alert sound is a drip ( /usr/share/sounds/gnome/default/alerts/drip.ogg ), and the previous one is still located at ( /usr/share/sounds/ubuntu/stereo/bell.ogg ). My issue is that at the gnome-terminal, when autocompleting or pressing left BOTH sounds are reproduced, at the same time. I want to just have ubuntu/stereo/bell.ogg active, not both . At the moment I have been only able to reduce the volume of the alerts (but still both are played), or turn the alerts down (but I dislike both "solutions"). gnome-terminal 18.10 teminal-bell share | improve this question
            Read more

            Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents

            Image
            up vote 5 down vote favorite 2 I would like to make it so that the vertical space below the title of each chapter is the same when using the Bjornstrup package (i.e. so that the descenders do not affect the spacing - as shown by the red arrow in the picture below). I think I'm fairly happy with the spacing around "A chapter", so I'd really like titles without descenders (e.g. "Contents") to have the same vertical spacing as "A chapter" below the title. I would also like to remove the large "0" in the contents title. Any help appreciated, as always. documentclass[11pt,a4paper]{book} % Packages[![enter image description here][1]][1] usepackage[left=3.5cm, right=3.5cm, top=4.3cm, bottom=4.25cm]{geometry} usepackage[utf8]{inputenc} usepackage{libertine} usepackage[libertine]{newtx
            Read more

            Can I use Tabulator js library in my java Spring + Thymeleaf project?

            Image
            0 I want to add Tabulator js to my java project. I added tabulator.min.js, tabulator.min.css to resources folder. After that added to my html page these dependencies as recommending in readme.md. <link rel="stylesheet" th:href="@{/css/tabulator.min.css}"> <script type="text/javascript" th:src="@{/js/tabulator.min.js}"></script> Now my tables view all elements, that I have in the html page, but not correct. In the documentation of Tabulator is example how to create header and table, var table = new Tabulator("#example-table", { columns:[ {title:"Name", field:"name", sorter:"string", width:200, editor:true}, {title:"Age", field:"age", sorter:"
            Read more