hashicorp / vault-rails

A Rails plugin for easily integrating Vault secrets
Mozilla Public License 2.0

RFC: Potential enhancement/feature: KV storage instead of Transit #123

Open rtlong opened 1 year ago

rtlong commented 1 year ago

For my purposes, I've determined I'd rather have things stored in my Vault instances rather than in the DB. The Key/Value secrets engine(s) would be the preferred approach. I can't seem to find any pre-existing library to accomplish this, so I'm considering adding it to this gem in a PR.

I'm interested to hear from maintainers if this is something that has been considered for this library before, as an alternative to the Transit encryption and storage via ActiveRecord. If I were to work on adding this, I'd like to try to address any potential concerns from maintainers in advance. Most notably, it would require abstracting the interface somewhere and then moving large chunks of existing code behind some Transit-specific adapter namespace while adding the KV adapter alongside it. Where to draw the lines and the precise abstractions feels like the kind of thing I should seek opinions over before I proceed.

(I'm not sure it even makes sense to try to implement this operation into an ActiveRecord-enhancing library, since the operation would not require any bits of ActiveRecord. One could appreciate, however, the transparent integration into an AR model alongside unencrypted attributes, though this may be poor modeling.)