API Guides

instance method encrypts

Ruby on Rails 7.2.3

Since v7.0.10

Available in: v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2 

encrypts(*names, key_provider: nil, key: nil, deterministic: false, support_unencrypted_data: nil, downcase: false, ignore_case: false, previous: [], **context_properties)

Encrypts the name attribute.

Options

  • :key_provider - A key provider to provide encryption and decryption keys. Defaults to ActiveRecord::Encryption.key_provider.

  • :key - A password to derive the key from. It’s a shorthand for a :key_provider that serves derivated keys. Both options can’t be used at the same time.

  • :deterministic - By default, encryption is not deterministic. It will use a random initialization vector for each encryption operation. This means that encrypting the same content with the same key twice will generate different ciphertexts. When set to true, it will generate the initialization vector based on the encrypted content. This means that the same content will generate the same ciphertexts. This enables querying encrypted text with Active Record. Deterministic encryption will use the oldest encryption scheme to encrypt new data by default. You can change this by setting deterministic: { fixed: false }. That will make it use the newest encryption scheme for encrypting new data.

  • :support_unencrypted_data - If config.active_record.encryption.support_unencrypted_data is true, you can set this to false to opt out of unencrypted data support for this attribute. This is useful for scenarios where you encrypt one column, and want to disable support for unencrypted data without having to tweak the global setting.

  • :downcase - When true, it converts the encrypted content to downcase automatically. This allows to effectively ignore case when querying data. Notice that the case is lost. Use :ignore_case if you are interested in preserving it.

  • :ignore_case - When true, it behaves like :downcase but, it also preserves the original case in a specially designated column +original_<name>+. When reading the encrypted content, the version with the original case is served. But you can still execute queries that will ignore the case. This option can only be used when :deterministic is true.

  • :context_properties - Additional properties that will override Context settings when this attribute is encrypted and decrypted. E.g: encryptor:, cipher:, message_serializer:, etc.

  • :previous - List of previous encryption schemes. When provided, they will be used in order when trying to read the attribute. Each entry of the list can contain the properties supported by #encrypts. Also, when deterministic encryption is used, they will be used to generate additional ciphertexts to check in the queries.

Parameters

names rest
key_provider key = nil
key key = nil
deterministic key = false
support_unencrypted_data key = nil
downcase key = false
ignore_case key = false
previous key = []
context_properties keyrest
Source 
# File activerecord/lib/active_record/encryption/encryptable_record.rb, line 49
        def encrypts(*names, key_provider: nil, key: nil, deterministic: false, support_unencrypted_data: nil, downcase: false, ignore_case: false, previous: [], **context_properties)
          self.encrypted_attributes ||= Set.new # not using :default because the instance would be shared across classes

          names.each do |name|
            encrypt_attribute name, key_provider: key_provider, key: key, deterministic: deterministic, support_unencrypted_data: support_unencrypted_data, downcase: downcase, ignore_case: ignore_case, previous: previous, **context_properties
          end
        end

Defined in activerecord/lib/active_record/encryption/encryptable_record.rb line 49 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActiveRecord::Encryption::EncryptableRecord

Type at least 2 characters to search.

↑↓ navigate · open · esc close