I want to encrypt database because confidential data is being stored. I use mongodb with mongoid. It possible for this kind of database? And what alternatives can you recomend, if it is not?
P.S. Main purpose is: if anybody hack the server and steal DB, it would be unencryptable.
UPDATE: thanks for nickh, I found very many soultions for ActiveRecord, but nothing for Mongoid and other Mongo clinets. It would be great to find some soultion for Mongo and Mongoid!
Using encryption in Rails 7 It works by declaring which attributes should be encrypted and seamlessly encrypting and decrypting them when needed. The encryption layer sits between the database and the application. The application will access unencrypted data, but the database will store it encrypted.
Encryption of a database file is done at the page level. The pages in an encrypted database are encrypted before they're written to disk and are decrypted when read into memory. TDE doesn't increase the size of the encrypted database.
PostgreSQL offers encryption at several levels, and provides flexibility in protecting data from disclosure due to database server theft, unscrupulous administrators, and insecure networks. Encryption might also be required to secure sensitive data such as medical records or financial transactions.
I have gotten attr_encrypted working with Mongo and Mongoid. It takes only a few tweaks.
Make sure that all of the encrypted_ fields that are automatically created by attr_encrypted are explicitly created in the model. For instance, if you have:
attr_encrypted :email, :key => 'blah blah blah', :encode => true
you need to have:
field :email, :type => String
field :encrypted_email, :type => String
Also notice you need to tell it to encode the encrypted string otherwise Mongo will complain loudly.
Lastly, if you're encrypting a hash, do this:
field :raw_auth_hash, :type => Hash
field :encrypted_raw_auth_hash, :type => String
attr_encrypted :raw_auth_hash, :key => 'blah', :marshal => true, :encode => true
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With