Updating to 2.0
MattDHill opened this issue · 5 comments
I'm updating from 1.0.1 to 2.0.1. Should I maintain separate keys for lockbox and blind_index, or is there a way to combine according to enhanced integration?
Hey @MattDHill, using separate keys is 100% fine.
However, if you really want to combine them, you'll need to rotate one of them to the other's master key. It's typically easier to rotate Lockbox since it doesn't require creating a new column. Here are instructions for Lockbox: https://github.com/ankane/lockbox#key-rotation. Be sure to use `master_key` instead of `key` in `previous_versions`.
I'm sure others will have this same question, so here's a quick breakdown. Examples use environment variables, but it's a similar process even if you don't.
1. Prep your models for rotation

```ruby
class User < ApplicationRecord
  # previous_versions takes an array of hashes; the old master key stays listed
  # so that existing ciphertexts can still be decrypted during the rotation
  encrypts :name, :email, previous_versions: [{master_key: ENV["LOCKBOX_MASTER_KEY"]}]
end
```

2. Change your Lockbox master key in an initializer (new records/updates will be encrypted with this master key)

```ruby
Lockbox.master_key = ENV["BLIND_INDEX_MASTER_KEY"]
```

3. Rotate each of your models

```ruby
Lockbox.rotate(User, attributes: [:name, :email])
```

4. Remove `previous_versions` from your models

5. (environment variables only) Rename `ENV["BLIND_INDEX_MASTER_KEY"]` to `ENV["LOCKBOX_MASTER_KEY"]` and delete the `Lockbox.master_key = "..."` line
Awesome, TY
I assume step 2 would go in a `config/initializers/lockbox.rb` file?
Also, I can then safely delete the old "LOCKBOX_MASTER_KEY" environment variable, correct?
Yeah, updated for clarity. You'll want to keep the original `ENV["LOCKBOX_MASTER_KEY"]` until after step 4 in the example above (since it's used directly in the model).
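The following is an added example, not part of the thread and not Lockbox's own code: a simplified model of the fallback-then-rotate sequence in steps 1 to 4, showing why the old key has to stay configured until every value has been re-encrypted. `RotatingBox` and `rotate_all` are hypothetical names, and it uses raw AES-256-GCM keys from Ruby's OpenSSL bindings rather than Lockbox's key derivation or ciphertext format.

```ruby
require "openssl"

# Simplified model of a previous_versions-style key fallback (assumed names, not Lockbox code).
class RotatingBox
  def initialize(key, previous_keys = [])
    @keys = [key] + previous_keys # current key first, then older keys
  end

  # Always encrypts under the current key. Layout: nonce (12) || tag (16) || ciphertext.
  def encrypt(plaintext)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = @keys.first
    nonce = cipher.random_iv
    cipher.auth_data = ""
    ciphertext = cipher.update(plaintext) + cipher.final
    nonce + cipher.auth_tag + ciphertext
  end

  # Tries each configured key in order; a failed GCM tag check means "wrong key".
  def decrypt(blob)
    nonce, tag, ciphertext = blob[0, 12], blob[12, 16], blob[28..]
    @keys.each do |key|
      cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
      cipher.key = key
      cipher.iv = nonce
      cipher.auth_tag = tag
      cipher.auth_data = ""
      begin
        return cipher.update(ciphertext) + cipher.final
      rescue OpenSSL::Cipher::CipherError
        next
      end
    end
    raise OpenSSL::Cipher::CipherError, "no configured key decrypts this value"
  end
end

# Re-encrypts every stored value under the current key (the effect of the rotate step).
def rotate_all(rows, box)
  rows.map { |blob| box.encrypt(box.decrypt(blob)) }
end

if __FILE__ == $PROGRAM_NAME
  old_key, new_key = Array.new(2) { OpenSSL::Random.random_bytes(32) } # constructed keys
  rows = [RotatingBox.new(old_key).encrypt("alice@example.com")] # constructed record
  rows = rotate_all(rows, RotatingBox.new(new_key, [old_key]))
  puts RotatingBox.new(new_key).decrypt(rows.first) # old key no longer needed
end
```

A box built with only the new key raises on any value that has not yet been rotated, which is the failure you would hit by deleting the old key before the rotation has covered every row.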