When upgrading to Rails 7.1 with any models using the encrypts macro from ActiveRecord::Encryption, be wary of upgrading the config.load_defaults in config/application.rb from 7.0 to 7.1. The 7.1 defaults for ActiveRecord::Encryption include a combination of settings that can lead to your app being unable to decrypt data that it previously encrypted:
active_record.encryption.hash_digest_class = OpenSSL::Digest::SHA256 active_record.encryption.support_sha1_for_non_deterministic_encryption = false
While the exception backtrace will probably include lines from your app, they won’t be helpful in identifying or resolving the issue except that you might notice that they include the getter method for a database column that you’ve defined with encrypts. You’ll see an error with a backtrace ending something like:
.../encryptor.rb:58:in `rescue in decrypt': ActiveRecord::Encryption::Errors::Decryption (ActiveRecord::Encryption::Errors::Decryption) .../cipher/aes256_gcm.rb:79:in `rescue in...
Top comments (0)