Comments (6)
Yeah, that's correct (email_migrating
is migrated_email
). The extra attribute is an implementation detail that users shouldn't need to worry about, so I don't think it makes sense in the readme.
from lockbox.
For who is interested, in the Migrator
class I changed record.send("#{v[:attribute]}=", record.send(k)) unless record.send(v[:encrypted_attribute])
to decrypted_value = record.send(k).decrypt Rails.application.secrets.token_encryption_password record.send("#{v[:attribute]}=", decrypted_value) unless record.send(v[:encrypted_attribute])
.
In the Model
class, I changed the code:
define_method "#{original_name}=" do |value|
result = super(value)
send("#{name}=", send(original_name))
result
end
to
define_method "#{original_name}=" do |value|
result = super(value)
send("#{name}=", value)
lock_for(original_name).content value
result
end
This will allow to migrate existing data and keep the attribute
and migrated_attribute
in sync, allowing to run Strongbox and Lockbox side by side. The change is not totally complete though because strongbox
has a different syntax for setting an attribute to a nil
value. Therefore for a successful migration we have to be careful in setting migrated_attribute
to nil
whenever a one of the original attributes is nullified.
from lockbox.
Hey @mzanini, it's probably easiest to fork the gem, replace the send
calls, and then switch back after migrating. The two places you'll want to change off the top of my head are the migrator class you mentioned and the model module (may be able to replace send(original_name)
with value
).
Lines 422 to 429 in f50a978
I haven't tried strongbox, so there may be more work involved.
Edit: Basically, migrating consists of two parts: keeping the column in sync with new updates (the model module, which allows for zero downtime) and backfilling existing data (the migrator class)
from lockbox.
Thank you for your answer! To clarify how the migration process works right now (I think this could be added to the readme): let's say I want to migrate the email
attribute on the User
model.
- Adding
encrypts :email, migrating: true
will add an attributeemail_migrating
to the model. - Assigning a value to
email
will causeemail_migrating
to be assigned that value too. - Whenever the value of the
email_migrating
attribute is set,lockbox
will encrypt the value and save it to the DB columnemail_ciphertext
. - Running
Lockbox.migrate(User)
will setemail_migrating = email
for every record - Removing the
migrating: true
option will map theemail
attribute to theemail_ciphertext
column
Is that right or are thing working in a different way?
from lockbox.
Perfect, thanks for clarifying!
from lockbox.
Awesome, thanks for sharing @mzanini! This should be really helpful for others in the same situation.
from lockbox.
Related Issues (20)
- Do we have option to run Migration skipping callbacks for the model HOT 1
- key rotation and GCM nonce collision HOT 2
- Lockbox Migration getting stopped without any errors HOT 1
- Feature Request: ActiveRecord support for Text type HOT 1
- Empty hash is encrypted as nil HOT 3
- Any chance of getting :jsonb type support? HOT 2
- Automating data migration HOT 1
- upsert and upsert_all support for ActiveRecord HOT 1
- Undefined method 'has_encrypted' HOT 1
- Active Record - Migrating Existing Data HOT 2
- Rotating master key gives ActiveRecord::RecordNotSaved HOT 1
- Decryption using PHP is not Working HOT 4
- Access to the unencrypted attachable when using ActiveStorage HOT 2
- [Question] - Migrating from `attr_encrypted` with `marshal: true` HOT 3
- Lockbox raises MissingAttributeError when encrypted attribute is backed by store_attribute when using select HOT 1
- `Lockbox.rotate` bypasses `default_scope` if passed a model HOT 1
- GCM-SIV HOT 1
- Devise Invalid Credentials after table name changed HOT 3
- Search in encrypted data HOT 1
- Unable to rotate encryption for fields having custom key_table HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lockbox.