
Rails lockbox and blind index, unable to access encrypted field


I have lockbox v1.3.3 / blind index v2.3.2 gems installed (have to use this version, can't upgrade at the moment).

I am using rails 6.0.3.2 and ruby 2.6.9.

I followed these steps:

When I drop the plain text column, I am no longer able to access the email field using User.last.email; it says

undefined method `email' for #<User:0x0000000125f46340>

I would expect to be able to access this field.

This is what my user model looks like:

  ...
  has_encrypted :email, migrating: true
  blind_index :email, migrating: true

  # removing this after dropping the column does not change anything, email is still not accessible
  self.ignored_columns = ["email"]
  ...

The initial migration:

class AddEncryptionToPiiFields < ActiveRecord::Migration[6.0]
  def change
    # users encrypted fields
    add_column :users, :email_ciphertext, :text

    # users blind columns and indexes
    add_column :users, :email_bidx, :string
    add_index :users, :email_bidx, unique: true
  end
end

I have existing data, therefore after the first migration I ran Lockbox.migrate(User). Once that has completed, I drop the columns with the following migration:

class DropNonEncryptedFields < ActiveRecord::Migration[6.0]
  def change
    remove_column :users, :email
  end
end

After that, I am no longer able to access User.last.email.

What am I missing? Why am I not able to access the email field anymore?

The DB seems to have all the "cipher" fields in place, and I am able to access User.last.email_ciphertext.


Solution

  • The solution was simple: just remove "migrating: true" from all encrypted fields in the model.
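
Why removing "migrating: true" restores the accessor, as an added pure-Ruby sketch that is not Lockbox's code and not from the original post: the `ToyEncrypted` module, both user classes and the sample row are hypothetical stand-ins. It assumes (not stated on the page) that under `migrating: true` the decrypting reader is defined as `migrated_email`, while `email` is left to the plaintext column, which no longer exists after the drop.

```ruby
require "openssl"

# Simplified stand-in for the has_encrypted macro (hypothetical, not Lockbox's code).
module ToyEncrypted
  KEY = OpenSSL::Random.random_bytes(32) # constructed demo key

  # AES-256-GCM; stored layout is iv (12 bytes) + auth tag (16 bytes) + ciphertext.
  def self.encrypt(plain)
    c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    c.key = KEY
    iv = c.random_iv
    ct = c.update(plain) + c.final
    iv + c.auth_tag + ct
  end

  def self.decrypt(blob)
    d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    d.key = KEY
    d.iv = blob[0, 12]
    d.auth_tag = blob[12, 16]
    d.update(blob[28..-1]) + d.final
  end

  # Assumption: with migrating: true the decrypting reader is named
  # migrated_<attr>, and <attr> itself is left to the plaintext column.
  def has_encrypted(attr, migrating: false)
    reader = migrating ? "migrated_#{attr}" : attr.to_s
    define_method(reader) { ToyEncrypted.decrypt(row.fetch("#{attr}_ciphertext")) }
  end
end

# Constructed row as it looks after DropNonEncryptedFields: no plaintext "email".
ROW = { "email_ciphertext" => ToyEncrypted.encrypt("a@example.test") }.freeze

# Model state from the question: still flagged as migrating.
class MigratingUser
  extend ToyEncrypted
  attr_reader :row
  def initialize(row); @row = row; end
  has_encrypted :email, migrating: true
end

# Model state from the solution: flag removed, email reads the ciphertext.
class FinalUser
  extend ToyEncrypted
  attr_reader :row
  def initialize(row); @row = row; end
  has_encrypted :email
end
```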