Encrypted attributes

katafrakt · March 3, 2024, 8:19pm

Some time ago I created a gem adding encrypted attributes to relations using custom types. It is designed to be compatible with ActiveRecord encryption, in case you’re moving from ActiveRecord-powered database to ROM. For now quite a few features from ActiveRecord::Encryption are missing, but basic stuff is working and I think it can already be used.

Here’s a link to the repo: GitHub - katafrakt/rom_encrypted_attribute: RomEncryptedAttribute: Rails-compatible encrypted attributes for ROM

Example usage:

class SecretNotes < ROM::Relation[:sql]
  EncryptedString, EncryptedStringReader =
    RomEncryptedAttribute.define_encrypted_attribute_types(
      primary_key: ENV["ENCRYPTION_PRIMARY_KEY"],
      key_derivation_salt: ENV["ENCRYPTION_KEY_DERIVATION_SALT"]
    )
    
  schema(:secret_notes, infer: true) do
    attribute :content, EncryptedString, read: EncryptedStringReader
  end
end

Looking for feedback. Thanks!

solnic · March 7, 2024, 6:54am

Thanks for sharing this Looks very useful. I’d only recommend renaming gem to rom-encrypted_attribute and then following a standard naming convention so ROM::EncryptedAttribute. Another thing to consider is adding a schema plugin to streamline the DX.

katafrakt · March 10, 2024, 10:39pm

I guess I inadvertently followed the Elixir’s rule of “no namespace trespassing”. But if you feel it’s better name, I can change it for sure.

Interesting idea! I had to read the code a bit to understand what the schema plugin is, but I think this is a really good potential improvement here. Thanks!

Topic		Replies	Views
Relation Schemas and Attribute Types Issues	0	348	April 18, 2022
Relation schema attribute default value? Issues	0	292	May 17, 2023
Aliased attributes in commands Issues	3	751	December 29, 2018
Attributes coerced multiple times Issues	3	685	March 3, 2020
Instantiating a custom Struct instance Usage Stories	5	923	April 17, 2018

Encrypted attributes

Related Topics