stackoom
  简体   繁体   中英

Rails accessing private methods using attr_encrypted

 原文  2016-09-02 17:11:13       ruby-on-rails/ private-methods/ attr-encrypted

Question

I'm trying to get attr_encrypted to obscure some data before saving it to the database. I need to deal with the logger output later, but at the moment I just want to get the field data from a submitted form, encrypt it, and save it.

Here's my model: 

class Agreement < ApplicationRecord
  attr_encrypted :test_field, key: :encryption_key

  private

  def encryption_key
      ENV['super_secret_key']
  end
end

I notice that when I comment out private everything seems to work as expected. But I obviously don't want to give public access to that info (ya know: super secret key), so I want it to be private. However, when I include private I get an error. Specifically: NoMethodError (undefined method 'bytesize' for :encryption_key:Symbol) . What I've drilled down to is that attr_encrypted is throwing an error because it is not getting a key passed to it, because the private method is not being accessed properly.

In theory, in the attr_encrypted bit, I could just set key: ENV['super_secret_key'] rather than calling a method, but the goal here is to actually create a new class with corresponding database table by which I can save, store, and rotate my keys, which in turn are obfuscated by an environment variable for an extra layer of security.

So my real question is: what's going on with my private methods, and why is private frustrating things, even within the scope of the model? I think I'm doing something very basically incorrect, but I've also followed examples from others that do this, so any guidance on my error would be greatly appreciated!

1 answers

solution1
 1 ACCPTED  2016-09-02 17:25:10

The issue is that the attr_encrypted call is at the class level, the encryption_key method is instance level. Try doing this instead: 

class Agreement < ApplicationRecord
  attr_encrypted :test_field, key: ENV['super_secret_key']]
end

Admittedly untested, but it should work.

Really though the private won't secure it anymore. You did this right by loading it through env from a config file. So long as it's not hardcoded in your repository, that's mainly what you need to do.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using attr_encrypted with rails 7 attr_encrypted with rails Querying in rails on attr_encrypted column Rails test throwing Deprecation Warning over attr_encrypted gem attr_encrypted doesn't work with rails 2.3.8 + bundler? undefined method attr_encrypted in Rails 2.3 app Migration from attr_encrypted to vault-rails gem In Rails 6 / FactoryBot 6, how do I simulate attr_encrypted attributes? attr_encrypted not saving to database Unique IVs producing identical ciphertext using attr_encrypted
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM