Module: ConcernsOnRails::Encryption
- Defined in:
- lib/concerns_on_rails/encryption.rb
Overview
Configuration and error types backing Models::Encryptable.
The gem stays agnostic about where secrets live: the host app supplies the key (commonly a Proc reading Rails credentials) via a small config object, mirroring the existing ConcernsOnRails.deprecator accessor pattern:
ConcernsOnRails.configure_encryption do |c|
c.key = -> { Rails.application.credentials.dig(:encryption, :key) }
end
A key may be raw 32-byte binary, a 64-char hex string, or any passphrase (stretched to 32 bytes with PBKDF2-HMAC-SHA256). Resolution is lazy — a missing key raises MissingKeyError at first encrypt/decrypt, never at class-load, so a model file can be required before credentials load.
Defined Under Namespace
Classes: Config, DecryptionError, Error, MissingKeyError
Constant Summary collapse
- DEFAULT_KDF_SALT =
The KDF salt and iteration count are part of the derived key's identity: change them and existing ciphertext can no longer be decrypted. They are deliberately fixed constants (the salt is overridable via config only for apps that must diverge and are prepared to re-encrypt).
"concerns_on_rails/encryptable/v1".freeze
- KDF_ITERATIONS =
65_536