You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CouchbaseOrm provides built-in support for encrypting sensitive data stored in your Couchbase documents. Encryption allows you to protect confidential information, such as personal data or financial details, by encrypting the values before storing them in the database and decrypting them when retrieving the data.
3
+
CouchbaseOrm provides built-in support for storing encrypted data in your Couchbase documents using a structured format. The `:encrypted` type provides a standardized storage format compatible with Couchbase Lite's field-level encryption, but **does not perform encryption/decryption itself**. Your application is responsible for encrypting data before storing it and decrypting it after retrieval.
4
4
5
5
## 11.1. Encrypted Attributes
6
6
7
7
To mark an attribute as encrypted, you can use the `:encrypted` type when defining the attribute in your model.
8
8
9
9
```ruby
10
-
# Define the Bank model with an encrypted attribute
10
+
# Define the Bank model with encrypted attributes
11
11
classBank < CouchbaseOrm::Base
12
12
attribute :name, :string
13
13
attribute :account_number, :encrypted
14
14
attribute :routing_number, :encrypted, alg:"3DES"
15
15
end
16
16
```
17
17
18
-
In this example, the `account_number` and `routing_number` attributes are marked as encrypted. By default, CouchbaseOrm uses the default `CB_MOBILE_CUSTOM` encryption algorithm for encrypting the values. You can specify a different encryption algorithm by providing the `alg` option.
18
+
In this example, the `account_number` and `routing_number` attributes are marked as encrypted. The `alg` option specifies the encryption algorithm identifier that will be stored in the document metadata (default is `"CB_MOBILE_CUSTOM"`). This identifier is for documentation purposes and Couchbase Lite compatibility - CouchbaseOrm does not use it for actual encryption.
19
19
20
20
```plaintext
21
21
{
@@ -32,83 +32,171 @@ In this example, the `account_number` and `routing_number` attributes are marked
32
32
}
33
33
```
34
34
35
-
When a document is saved, CouchbaseOrm stores the encrypted values in the document with a prefix of `encrypted$`. The encrypted values are stored as JSON objects containing the encryption algorithm (`alg`) and the ciphertext (`ciphertext`) of the encrypted value.
35
+
When a document is saved, CouchbaseOrm stores encrypted attributes in the document with a prefix of `encrypted$`. The values are stored as JSON objects containing the encryption algorithm identifier (`alg`) and the ciphertext (`ciphertext`).
36
36
37
-
You can assign values to encrypted attributes just like any other attribute.
37
+
**Important**: You must provide **pre-encrypted**values to encrypted attributes. CouchbaseOrm stores these values as-is in the `ciphertext` field without performing any encryption.
38
38
39
39
```ruby
40
-
bank =Bank.new(name:'My Bank', account_number:'123456789', routing_number:'987654321')
40
+
# You must encrypt the data BEFORE assigning it to the attribute
41
+
require'base64'
42
+
43
+
# Assuming you have an encryption method (e.g., AES, Tanker, etc.)
CouchbaseOrm handles the storage format for encrypted attributes but does not perform encryption/decryption. Here's what happens:
95
126
96
-
When an encrypted attribute is assigned a value, CouchbaseOrm encrypts the value using the configured encryption key and algorithm. The encrypted value is then stored in the Couchbase document.
127
+
**When saving:**
128
+
1. You assign a Base64-encoded ciphertext to the encrypted attribute
129
+
2. CouchbaseOrm wraps it in the `encrypted$` format with `alg` and `ciphertext` fields
130
+
3. The document is stored in Couchbase with this structure
97
131
98
-
When retrieving a document with encrypted attributes, CouchbaseOrm automatically decrypts the encrypted values using the same encryption key and algorithm. The decrypted values are then accessible through the model's attributes.
132
+
**When loading:**
133
+
1. CouchbaseOrm reads the document from Couchbase
134
+
2. It unwraps the `encrypted$` format and extracts the `ciphertext` value
135
+
3. The Base64-encoded ciphertext is assigned to the attribute
136
+
4. Your application must decode and decrypt the value
99
137
100
-
It's important to keep the encryption key secure and protect it from unauthorized access. If the encryption key is compromised, the encrypted data can be decrypted by anyone who obtains the key.
138
+
**Key Points:**
139
+
- CouchbaseOrm does **not** require or use any encryption key
140
+
- The `alg` field is purely informational (for compatibility with Couchbase Lite)
141
+
- All actual encryption/decryption is your application's responsibility
142
+
- Values must be valid Base64-encoded strings
101
143
102
144
## 11.4. Considerations and Best Practices
103
145
104
-
When using encryption in CouchbaseOrm, consider the following best practices:
146
+
When using encrypted attributes in CouchbaseOrm, consider the following best practices:
147
+
148
+
### Security
149
+
-**Encryption is your responsibility**: CouchbaseOrm only provides the storage format. Choose a robust encryption library (e.g., `rbnacl`, `openssl`, or a service like AWS KMS)
150
+
-**Key management**: Store encryption keys securely using environment variables, secret managers (AWS Secrets Manager, HashiCorp Vault), or key management services
151
+
-**Never commit keys**: Keep encryption keys out of version control systems
152
+
-**Key rotation**: Implement a key rotation strategy and maintain the ability to decrypt data encrypted with old keys
153
+
-**Use authenticated encryption**: Prefer AEAD modes (like AES-GCM) that provide both confidentiality and integrity
154
+
155
+
### Performance and Querying
156
+
-**Cannot query encrypted fields**: Encrypted attributes cannot be used in WHERE clauses or indexed effectively
157
+
-**Consider searchable encryption**: If you need to search encrypted data, investigate specialized solutions like searchable encryption schemes or external encrypted search indexes
158
+
-**Selective encryption**: Only encrypt truly sensitive fields to minimize performance overhead
159
+
160
+
### Implementation Patterns
161
+
-**Wrap in accessors**: Create getter/setter methods that automatically handle encryption/decryption:
162
+
```ruby
163
+
classBank < CouchbaseOrm::Base
164
+
attribute :account_number, :encrypted
165
+
166
+
defaccount_number=(plaintext)
167
+
encrypted =MyEncryptor.encrypt(plaintext)
168
+
super(Base64.strict_encode64(encrypted))
169
+
end
170
+
171
+
defaccount_number
172
+
encrypted =Base64.strict_decode64(super)
173
+
MyEncryptor.decrypt(encrypted)
174
+
end
175
+
end
176
+
```
177
+
178
+
-**Separate concerns**: Consider using a concern or module to encapsulate encryption logic:
179
+
```ruby
180
+
moduleEncryptedAttributes
181
+
defencrypted_attribute(name)
182
+
define_method("#{name}=") do |plaintext|
183
+
encrypted =MyEncryptor.encrypt(plaintext)
184
+
super(Base64.strict_encode64(encrypted))
185
+
end
186
+
187
+
define_method(name) do
188
+
encrypted =Base64.strict_decode64(super())
189
+
MyEncryptor.decrypt(encrypted)
190
+
end
191
+
end
192
+
end
193
+
```
105
194
106
-
- Keep the encryption key secure and protect it from unauthorized access. Store the key securely and avoid committing it to version control systems.
107
-
- Use strong and unique encryption keys for each environment (development, staging, production) to prevent cross-environment access to encrypted data.
108
-
- Be cautious when querying encrypted attributes as it may impact performance. Consider indexing encrypted attributes separately if frequent querying is required.
109
-
- If you need to search or query encrypted data frequently, consider using a separate encrypted search index or a dedicated encryption service.
110
-
- Ensure that the encryption key is properly rotated and managed. If the encryption key is compromised, you should generate a new key and re-encrypt the affected data.
195
+
### Compatibility
196
+
- The `encrypted$` format is compatible with Couchbase Lite's field-level encryption
197
+
- The `alg` field helps document which encryption algorithm was used, aiding in key rotation and auditing
198
+
- Ensure your encryption implementation is compatible across all platforms that access the data (web, mobile, etc.)
111
199
112
-
Encryption is a powerful tool for protecting sensitive data, but it should be used judiciously. Encrypting every attribute in your model may not be necessary or practical. Focus on encrypting the most sensitive and confidential data while balancing the trade-offs between securityand performance.
200
+
Encryption is a powerful tool for protecting sensitive data, but it should be used judiciously. Focus on encrypting the most sensitive and confidential data while balancing the trade-offs between security, performance, and functionality.
113
201
114
202
In the next section, we'll explore logging in CouchbaseOrm and how you can configure and customize logging to monitor and debug your application.
0 commit comments