Rails: storing encrypted data in database

I want to encrypt database because confidential data is being stored. I use mongodb with mongoid. It possible for this kind of database? And what alternatives can you recomend, if it is not?

P.S. Main purpose is: if anybody hack the开发者_如何学C server and steal DB, it would be unencryptable.

UPDATE: thanks for nickh, I found very many soultions for ActiveRecord, but nothing for Mongoid and other Mongo clinets. It would be great to find some soultion for Mongo and Mongoid!

I have gotten attr_encrypted working with Mongo and Mongoid. It takes only a few tweaks.

Make sure that all of the encrypted_ fields that are automatically created by attr_encrypted are explicitly created in the model. For instance, if you have:

    attr_encrypted :email, :key => 'blah blah blah', :encode => true

you need to have:

    field :email, :type => String
    field :encrypted_email, :type => String

Also notice you need to tell it to encode the encrypted string otherwise Mongo will complain loudly.

Lastly, if you're encrypting a hash, do this:

    field :raw_auth_hash, :type => Hash
    field :encrypted_raw_auth_hash, :type => String

    attr_encrypted :raw_auth_hash, :key => 'blah', :marshal => true, :encode => true

I've had a lot of success with the attr_encrypted gem. However, I've only used it with ActiveRecord. I don't know if it works with MongoMapper or Mongoid.

Regardless of how you implement this, I strongly recommend only encrypting certain fields. Don't encrypt every field in every table. Doing that will make it difficult to use associations, search using LIKE, etc.

Try the mongoid-encrypted-fields gem - it is seamless as it handles encryption using mongoize/demongoize methods.

Just define your field like:

field :ssn, type: Mongoid::EncryptedString

Then you can access it like normal, but the data is stored encrypted.

http://ezcrypto.rubyforge.org/

Using postgreSQL with the ezcrypto gem atm - works reasonably well although there are limitations in using associations between models with encrypted fields (this maybe down to my inability to find the correct up-to-date fork of this project).

The encrypted fields are stored in the postgreSQL database as the BYTEA datatype and will usually require for single quotes to be escaped (another issue with the plugin),

PostgreSQL does also have access to its own encryption / decryption modeul 'pgcrypto' which also returns a BYTEA datatype. Not sure how this would integrate with Rails activerecord and associations between models (probably badly :D).

I use MongoDB in an app with the Mongoid ruby adapter. Ryan Bates (the demigod of Rails) recently made an outstanding railscast on this very issue http://railscasts.com/episodes/250-authentication-from-scratch.

I'm using this in a MongoDB app and it works perfectly for encrypting data. His tutorial video is mostly for encrypting passwords, but you can adapt it to any other field value you want.

I also have used attr_encrypted with much success but I'm not sure if it will work with MongoDB; only used it with ActiveRecord.