search

danielberkompas / cloak_ecto

Encrypted fields for Ecto
MIT License
195 stars 31 forks source link

Support custom Ecto embeds in `Cloak.Migrator` #44

Open kuznetskikh opened 1 year ago

kuznetskikh commented 1 year ago

Hello all!

I'm sorry if the question was already araised (I didn't find anything), but was is the reason why Cloak migrator doesn't support custom Ecto embeds?

https://github.com/danielberkompas/cloak_ecto/blob/master/lib/cloak_ecto/migrator.ex

defp cloak_field?({_field, {:embed, %Ecto.Embedded{}}}) do
  false
end

defp cloak_field?({_field, {:parameterized, Ecto.Embedded, %Ecto.Embedded{}}}) do
   false
end

I'm asking since I'm going to have something like this:

defmodule Vault do
  use Cloak.Vault,
    otp_app: :app
end

defmodule Vault.Value do
  use Cloak.Ecto.Binary,
    vault: Vault

  def embed_as(_format), do: :dump

  def dump(nil), do: {:ok, nil}

  def dump(value) do
    with {:ok, encrypted} <- super(value) do
      {:ok, Base.encode64(encrypted)}
    end
  end

  def load(nil), do: {:ok, nil}

  def load(value), do: super(Base.decode64!(value))
end

defmodule Partner do
  schema "partners" do
    field(:code, :string)
    embeds_one(:credentials, PartnerCredentials, on_replace: :update)
end

defmodule PartnerCredentials do
  @primary_key false
  embedded_schema do
    field(:client_id, :string)
    field(:client_secret, Vault.Value)
    field(:refresh_token, Vault.Value)
  end
end

So my client_secret and refresh_token get serialized/deserialized without problems, but I can't apply migration in case of rotating keys - credentials field will be just skipped.

Were there any problems with embeds so you don't have support of them?

Any response from you would be appreciated. Thanks!

NicolayD commented 1 year ago

I get the same with an Ecto.Enum field that's not even encrypted, just in the same schema.

danielberkompas commented 5 months ago

Overlaps with #46