Upgrading from attr_encrypted and Vault-rails for same key

Asked Nov 27 '18 at 11:30

Active Dec 22 '18 at 17:02

Viewed 103 times

I was using attr_encrypted mechanism previously,

attr_encrypted :ssn, key: :encryption_key, algorithm: 'bf-cfb', mode: :single_iv_and_salt, insecure_mode: true

and I upgraded it to vault-rails:

include Vault::EncryptedModel
vault_attribute :ssn

I want to keep both in a way that, if some data is already saved using attr_encrypted then use that, and use vault for new user or if any old user is updating their data.

edited Dec 22 '18 at 17:02

Daniel Mann

57,011
13
100
120

asked Nov 27 '18 at 11:30

Rahul Tibrewal

Does that work? These accessors will overwrite each other – Sergio Tulentsev Nov 27 '18 at 11:32
Why not upgrade all users at once and be done with it? – Sergio Tulentsev Nov 27 '18 at 11:37
That's a good option but its huge amount of data. – Rahul Tibrewal Nov 27 '18 at 11:50
1

Well then, create two encrypted properties (legacy `ssn` and new `ssn2`, for example) and choose between them at runtime. Based on a user's flag `use_vault_key?` or something like that. But I'd try the full migration if I were you. Why create this complication when you can simply do something to not need it. – Sergio Tulentsev Nov 27 '18 at 12:05

Upgrading from attr_encrypted and Vault-rails for same key

0 Answers0

Linked