Closed voltone closed 6 months ago
Just to clarify: it would be possible to implement the core aspect of this feature purely in my application by overriding after_decrypt/1
to return the closure. But that would not support the reverse direction: passing a closure in an insert/update. For that I'd have to unwrap the closure in cast/1
, and it is not overridable.
So a minimal change might be instead to make cast/1
overridable in all default types. But I think the benefit of explicit support for this feature in Cloak.Ecto
is that it raises awareness of this technique to other users of the library.
This looks great, apologies for the long delay. ⭐
See also https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/sensitive_data