We have an encrypted column attribute which we need to query. The column is encrypted by ActiveRecord (non deterministic). So decrypting one row is no problem. However it is impossible to query the attribute of multiple/all rows.
Is it possible to migrate an non-deterministic column to deterministic? Or in worst case remove the encryption of the column in total?
Looked for a possible migration, sure I am not the first with this issue. However I can't find anything relevant. Also tried adding deterministic: true to the model to test. However it seems to work for new data, not for already encrypted data.
(full disclosure: I don't have hands-on experience with your exact problem)
Also tried adding deterministic: true to the model to test. However it seems to work for new data, not for already encrypted data.
This makes me think your best bet would be to treat this as a completely new column instead of trying to "fix" the existing one:
Add a new column with the deterministic approach. Write a migration that would read data from the non-deterministic one into the deterministic one. Switch your code to use the new column and drop the old one.