rails / solid_cache

A database-backed ActiveSupport::Cache::Store
MIT License

Encrypts :value encrypts every column named :value #106

Open cmaxw opened 7 months ago

cmaxw commented 7 months ago

My initializer: config/initializers/solid_cache.rb

# frozen_string_literal: true

ActiveSupport.on_load(:solid_cache_entry) do
  encrypts :value
end

I'm using the rails-settings-cached gem which creates a table with a :value column.

I have a setting called domain that I use in my from address in my mailer:

app/mailers/user_mailer.rb

class UserMailer < ApplicationMailer
  default from: "no-reply@#{Setting.domain}"

  def invite
    # do work
  end
end

The app failed to boot up because it was loading the domain setting from the Setting table and trying to decrypt my plaintext setting.

I removed the line from the mailer and it booted up and started getting ActiveRecord::Encryption::Errors::Decryption: ActiveRecord::Encryption::Errors::Decryption errors wherever I called the cache method in my views.

I removed the initializer and it went back to working, albeit with the cache now running in plaintext.

Nothing I'm caching at the moment is sensitive. It's mostly just to speed up the website. However, if I end up needing it encrypted, I'd like it to work.

brunoprietog commented 6 months ago

I wonder if it's a bug from rails-settings-cached. I made a sample repository and I can't reproduce it. Here it is.

Active Record Encryption was configured, the same initializer was set and there is a Setting model with key and value attributes.

Then, in the Rails console:

Setting.create(key: "cache_store", value: "solid_cache")

I don't see that it encrypts anything:

bruno@SurfaceBruno:~/solid_cache_encrypt$ bin/rails db
SQLite version 3.37.2 2022-01-06 13:25:41
Enter ".help" for usage hints.
sqlite> select * from settings;
1|cache_store|solid_cache|2023-12-20 10:49:15.694176|2023-12-20 10:49:15.694176
sqlite>

cmaxw commented 6 months ago

I'm wondering if it's because I already had values in settings and solid cache. I talked to someone who mentioned that I should try again with optional encryption turned on so it can read values that already exist in clear. I just haven't had a moment to see if that works.
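
Added example, not code from this thread, solid_cache or Rails: a stdlib-only model of the read path discussed above, showing why a row written before `encrypts :value` raises a decryption error and how a fallback in the style of Active Record Encryption's `support_unencrypted_data` setting lets it be read in the clear. The envelope layout, method names, key and rows are assumptions constructed for illustration.

```ruby
require "openssl"
require "json"
require "base64"

# Simplified model, not Active Record Encryption's own code: the envelope
# layout, method names and key below are constructed for illustration.
class DecryptionError < StandardError; end
KEY = OpenSSL::Digest::SHA256.digest("constructed demo key") # 32 bytes

def encrypt_value(plaintext, key = KEY)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  fields = { "p" => ciphertext, "iv" => iv, "at" => cipher.auth_tag }
  JSON.generate(fields.transform_values { |v| Base64.strict_encode64(v) })
end

def decrypt_value(raw, key = KEY)
  envelope = JSON.parse(raw)
  raise DecryptionError, "not an encrypted envelope" unless envelope.is_a?(Hash)
  payload, iv, tag = %w[p iv at].map { |k| Base64.strict_decode64(envelope.fetch(k)) }
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.update(payload) + cipher.final
rescue JSON::ParserError, KeyError, ArgumentError, OpenSSL::Cipher::CipherError => e
  raise DecryptionError, e.message
end

# Read one stored column. Without the fallback, anything that does not decrypt
# raises; with it, the raw stored value is returned unchanged.
def read_column(raw, support_unencrypted_data: false)
  decrypt_value(raw)
rescue DecryptionError
  raise unless support_unencrypted_data
  raw
end

# Constructed rows: "domain" predates encryption, "token" was written after it.
ROWS = { "domain" => "example.com", "token" => encrypt_value("s3cret") }.freeze

# Report what each row reads as, marking rows that fail to decrypt.
def audit(rows, **opts)
  rows.transform_values do |raw|
    read_column(raw, **opts)
  rescue DecryptionError
    :decryption_error
  end
end
```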