Access your teaching qualifications - 8. Encrypt database fields

Date: 2023-03-27

Status

Accepted

Context

Currently, the database isn't encrypted at the application level and any leak of data could expose PII.

We want to encrypt the PII fields to lessen the impact of any breach of the database.

Rails 7 introduced encryption as a feature. It seamlessly encrypts the data on write and decrypts it on read provided you have the master key.

This means that we can encrypt the PII fields in the database without any change to the way we use and display the data.

Decision

We will use ActiveRecord Encryption to encrypt the PII fields on a per-model basis.

Consequences

All environments will require access to the master key to be able to decrypt the PII fields.

See docs/encryption.md for details on managing the keys.
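
The behaviour described under Context and Consequences (ciphertext at rest, transparent reads, and no decryption without the key), shown as an added example that is not this project's code or Rails' implementation. It is a plain-Ruby stand-in using AES-256-GCM from the standard OpenSSL library; `FieldCrypto`, `Teacher`, the `email` field and the in-memory `@row` are hypothetical, and the key and sample value are constructed.

```ruby
require "openssl"
require "base64"
require "securerandom"

# Conceptual stand-in for field-level encryption; NOT ActiveRecord's code.
module FieldCrypto
  def self.encrypt(key, plaintext)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv # fresh 12-byte nonce on every write
    cipher.auth_data = ""
    ct = plaintext.empty? ? cipher.final : cipher.update(plaintext) + cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag + ct)
  end

  def self.decrypt(key, stored)
    raw = Base64.strict_decode64(stored)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    cipher.auth_data = ""
    ct = raw[28..]
    pt = ct.empty? ? cipher.final : cipher.update(ct) + cipher.final
    pt.force_encoding(Encoding::UTF_8)
  end
end

# Hypothetical model: @row plays the part of the database row.
class Teacher
  def self.encrypts(*names)
    names.each do |name|
      define_method(name) { FieldCrypto.decrypt(@key, @row[name]) }
      define_method("#{name}=") { |v| @row[name] = FieldCrypto.encrypt(@key, v) }
    end
  end

  encrypts :email
  attr_reader :row

  def initialize(key, row = {})
    @key = key
    @row = row
  end
end

if __FILE__ == $PROGRAM_NAME
  t = Teacher.new(SecureRandom.random_bytes(32)) # constructed key
  t.email = "jane@example.com"                   # constructed sample value
  puts t.row[:email], t.email                    # stored ciphertext, then plaintext
end
```

Reading the same row with a different key raises `OpenSSL::Cipher::CipherError` rather than returning data, which is why every environment needs the master key.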