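require 'openssl'
require 'base64'

# Column-level encryption helper for values persisted in the database.
#
# * Store the encrypted column as a "text" type.
# * The key is read from ENV['CYPHER_KEY'] as a Base64 string; AES-256
#   requires it to decode to exactly 32 bytes.
# * A fresh random IV is generated on every call to .encrypt and is returned
#   next to the ciphertext so it can be stored with it.
#
# SECURITY NOTE: the cipher is AES-256-CBC, which gives confidentiality only.
# No auth tag or MAC is produced or verified here, so a stored value that has
# been modified is not reliably detected by .decrypt. If the database or
# anything that feeds .decrypt is not fully trusted, authenticate the stored
# value (encrypt-then-MAC) or move new data to an AEAD mode such as
# aes-256-gcm, with a migration path for rows already written in CBC.
module Cypher
  # Encrypts +data+ with the configured key and a per-call random IV.
  #
  # @param data [String] plaintext to encrypt
  # @return [Hash] { iv: <Base64 IV>, key: <Base64 ciphertext> }; note that
  #   :key holds the ciphertext, not the secret key
  # @raise [KeyError] if ENV['CYPHER_KEY'] is not set
  def self.encrypt(data)
    cipher = create_cipher
    cipher.encrypt
    cipher.key = secret_key
    iv = cipher.random_iv
    encrypted = cipher.update(data) + cipher.final
    { iv: Base64.encode64(iv), key: Base64.encode64(encrypted) }
  end

  # Decrypts a value produced by .encrypt.
  #
  # The hash may use string keys (as it does after a round trip through a
  # serialized text column) or symbol keys (as returned directly by .encrypt).
  #
  # @param hash [Hash] must carry 'iv'/:iv and 'key'/:key (Base64 strings)
  # @return [String] the decrypted bytes
  # @raise [ArgumentError] if the IV or ciphertext entry is missing
  # @raise [KeyError] if ENV['CYPHER_KEY'] is not set
  # @raise [OpenSSL::Cipher::CipherError] if the ciphertext does not decrypt
  #   to valid padding; report this to untrusted clients as a generic failure
  def self.decrypt(hash)
    iv = hash['iv'] || hash[:iv]
    encrypted = hash['key'] || hash[:key]
    raise ArgumentError, 'hash must include both iv and key' unless iv && encrypted

    decipher = create_cipher
    decipher.decrypt
    decipher.key = secret_key
    decipher.iv = Base64.decode64(iv)
    decipher.update(Base64.decode64(encrypted)) + decipher.final
  end

  # Builds the cipher object shared by .encrypt and .decrypt.
  def self.create_cipher
    OpenSSL::Cipher::AES256.new(:CBC)
  end

  # Reads and decodes the secret key; ENV.fetch fails loudly when the
  # variable is absent instead of passing nil on to Base64.
  def self.secret_key
    Base64.decode64(ENV.fetch('CYPHER_KEY'))
  end

  # A bare `private` does not apply to `def self.` methods, so the helpers
  # are hidden explicitly.
  private_class_method :create_cipher, :secret_key
end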