rails 3.0 attr_encrypted existing database

In a rails 3.0 I need to encrypt an existing text field. There a table memos that contains a text field "note". I've create an encrypted_note field and added in the model:

attr_encrypted :note, :key => 'a secret key'

For now when I load an existing record the "note" is empty. I'm assuming that attr_encrypted try to decrypt...but the field has note been encrypted yet!

attr_encrypted works well for new records but wondering what would be the best strategy to encrypt the existing records?

Does instance_variable_get('@note') or read_attribute('note') work?

If so, you can probably do something like this in the Rails console:

User.all.each do |user|
  user.note = user.instance_variable_get('@note')
  user.save
end

Here is the trick to clear the unencrypted column as the encrypted one get populated! in the model add:

before_update :clear_note

def clear_note
   if encrypted_note != nil && read_attribute('note') != nil
     write_attribute('note','')
   end
end

Assuming you start with your model Thing with the un-encrypted attribute note.

1) Add a migration to add a field encrypted_note and populate it

  class EncryptThing < ActiveRecord::Migration
    def up
      rename_column :things, :note, :old_note
      add_column :things, :encrypted_note, :string
      # if you want to use per-attribute iv and salt:
      # add_column :things, :encrypted_note_iv, :string
      # add_column :things, :encrypted_note_salt, :string

      Thing.find_each do |t|
        t.note = t.old_note
        t.save
      end

      remove_column :things, :old_note
    end

    def down
      raise ActiveRecord::IrreversibleMigration
    end
  end

2) Add a line to your model to specify the encrypted attribute:

    attr_encrypted :note, :key => Rails.application.config.key
    # if you want to use per-attribute iv and salt, add this to the line above:
    #   ,  :mode => :per_attribute_iv_and_salt

3) run your migration

    rake db:migrate