ActiveRecord attribute encryption in Ruby on Rails for better security compliance

Data encryption has never been as important to modern-day applications as it is today. Storing personal data in plain text leaves the application open to data theft. Not only is users' personal data at risk, but the application itself comes under scrutiny when it falls within the scope of the General Data Protection Regulation (GDPR). In this blog post, we will explore a quick way to encrypt and decrypt model attributes using Rails' handy ActiveSupport::MessageEncryptor class to help meet compliance requirements such as GDPR. Let's start with some basics on PII and GDPR mandates.

Personally Identifiable Information (PII) examples as per GDPR
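As an added example that is not part of the original post, here is the encrypt/decrypt scheme that ActiveSupport::MessageEncryptor applies in modern Rails (AES-256-GCM with a fresh IV per message, stored as a Base64 "ciphertext--iv--tag" string), written against Ruby's standard OpenSSL library rather than ActiveSupport so it runs outside a Rails app. The `User` class, the `email` attribute, the secret and the salt are constructed for illustration, and key derivation is done directly with PBKDF2 in place of ActiveSupport::KeyGenerator.

```ruby
require 'openssl'
require 'base64'

# Added example (not from the original post): the AES-256-GCM scheme that
# ActiveSupport::MessageEncryptor uses, serialised as "ciphertext--iv--tag"
# in Base64, written against Ruby's standard OpenSSL library so it runs
# without Rails. Secret, salt, model and attribute names are constructed.
module AttributeEncryptor
  CIPHER = 'aes-256-gcm'
  SEPARATOR = '--'

  # Derive a 32-byte key from an application secret with PBKDF2 (what
  # ActiveSupport::KeyGenerator does), so the raw secret never touches the cipher.
  def self.derive_key(secret, salt)
    OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: 65_536, length: 32, hash: 'sha256')
  end

  # Returns a Base64 payload "ciphertext--iv--tag". A random IV per call means
  # the same plaintext never produces the same stored value.
  def self.encrypt(plaintext, key)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv          # 12 random bytes, generated per message
    cipher.auth_data = ''
    body = plaintext.empty? ? ''.b : cipher.update(plaintext)
    ciphertext = body + cipher.final
    [ciphertext, iv, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join(SEPARATOR)
  end

  # Reverses encrypt. GCM authenticates the ciphertext, so a modified payload or
  # a wrong key raises OpenSSL::Cipher::CipherError instead of returning garbage.
  def self.decrypt(payload, key)
    parts = payload.split(SEPARATOR)
    raise ArgumentError, 'malformed encrypted payload' unless parts.size == 3
    ciphertext, iv, tag = parts.map { |part| Base64.strict_decode64(part) }
    raise ArgumentError, 'bad auth tag length' unless tag.bytesize == 16

    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = key
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = ''
    body = ciphertext.empty? ? ''.b : cipher.update(ciphertext)
    (body + cipher.final).force_encoding(Encoding::UTF_8)
  end

  # True when the payload fails authentication (tampered, truncated, or wrong key).
  def self.tampered?(payload, key)
    decrypt(payload, key)
    false
  rescue OpenSSL::Cipher::CipherError, ArgumentError
    true
  end
end

# Stand-in for an ActiveRecord model: only the ciphertext would be persisted in
# the database column; the plaintext exists only in memory.
class User
  attr_reader :email_ciphertext   # the value that would be written to the DB

  def initialize(key)
    @key = key
  end

  def email=(value)
    @email_ciphertext = value.nil? ? nil : AttributeEncryptor.encrypt(value, @key)
  end

  def email
    @email_ciphertext && AttributeEncryptor.decrypt(@email_ciphertext, @key)
  end
end

if $PROGRAM_NAME == __FILE__
  key = AttributeEncryptor.derive_key('constructed-demo-secret', 'attribute-encryption')
  user = User.new(key)
  user.email = 'alice@example.com'
  puts "stored: #{user.email_ciphertext}"
  puts "read:   #{user.email}"
  flipped = user.email_ciphertext.sub(/\A./) { |c| c == 'A' ? 'B' : 'A' }
  puts "tampered? #{AttributeEncryptor.tampered?(flipped, key)}"
end
```

The point to take from the model class is that the database column only ever holds the ciphertext, and that any edit to that column (or a rotated key without re-encryption) surfaces as a decryption error rather than as silently wrong data.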

Enabling encryption on S3

Files uploaded to S3 are not encrypted. To secure them, we either need to encrypt the file on the client side before uploading it, or configure S3 to encrypt the files after upload, i.e. Server Side Encryption. Amazon S3 Server Side Encryption (SSE) uses AES-256, an encryption standard that provides a considerably high level of protection. To enable SSE on S3, include the following header when uploading the file:

'x-amz-server-side-encryption' => 'AES256'

SSE protects the object at rest on S3's storage; any caller with read permission on the object still receives it decrypted, so access controls on the bucket remain essential. To verify, log in to S3 and check the properties of the uploaded file. The "Server Side Encryption" option under the Details tab should show the AES-256 radio