class

ActiveRecord::Encryption::EnvelopeEncryptionKeyProvider

v7.1.3.4 - Show latest stable - Superclass: Object

Implements a simple envelope encryption approach where:

It generates a random data-encryption key for each encryption operation.
It stores the generated key along with the encrypted payload. It encrypts this key with the master key provided in the active_record_encryption.primary_key credential.

This provider can work with multiple master keys. It will use the last one for encrypting.

When config.active_record.encryption.store_key_references is true, it will also store a reference to the specific master key that was used to encrypt the data-encryption key. When not set, it will try all the configured master keys looking for the right one, in order to return the right decryption key.

Files

activerecord/lib/active_record/encryption/envelope_encryption_key_provider.rb

ActiveRecord::Encryption::EnvelopeEncryptionKeyProvider

Files

Related methods