How to protect sensitive information (personal details and medical records) in a database (PostgreSQL)? How to encrypt that data in the database and decrypt it only for authorized logged-in users? Can any libraries help to achieve this? Where and how to store the key needed to decrypt the data?
Thank you.
I did not use it yet, but cloak seems a good choice…
5 Likes
We use cloak and its Ecto integration cloak-ecto to encrypt sensitive data in the DB.
2 Likes
Just like kokolegorille and stefanchrobot, I can also recommend cloak.
It also has support for Ecto which means less configuration and more coding!
@kokolegorille @stefanchrobot @Allyedge
Thank you. I have already installed cloak and cloak-ecto.
May I ask, how do you provide the application with the base_64 encoded encryption key? By some credential manager, as environment variable or using another method? What is the safest manner to pass the encryption key to the application? Thank you.
1 Like
We pass the key via an ENV variable in the runtime (System.fetch_env! in runtime.exs). Currently we’re using Ansible Vault to store the keys.
1 Like
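The setup described in the last reply, sketched as an added example (not code posted by anyone in this thread): the key is read from the environment in runtime.exs, validated at boot, and handed to a Cloak vault that a cloak-ecto field type uses. The names `:my_app`, `MyApp.Vault`, `MyApp.Patient` and the variable `CLOAK_KEY` are assumptions, as is the 32-byte key size taken from Cloak's key-generation instructions.

```elixir
# config/runtime.exs: evaluated when the release boots, so the key is never
# baked into compiled artifacts or committed config.
import Config

# CLOAK_KEY (assumed name) holds the Base64-encoded key, injected by the
# deployment tooling. System.fetch_env!/1 raises if the variable is missing.
key =
  case Base.decode64(System.fetch_env!("CLOAK_KEY")) do
    {:ok, <<_::binary-size(32)>> = key} -> key
    # Error messages report only the length, never the key material.
    {:ok, other} -> raise "CLOAK_KEY must decode to 32 bytes, got #{byte_size(other)}"
    :error -> raise "CLOAK_KEY is not valid Base64"
  end

config :my_app, MyApp.Vault,
  ciphers: [
    # The tag is stored with each ciphertext and identifies the cipher/key used.
    default: {Cloak.Ciphers.AES.GCM, tag: "AES.GCM.V1", key: key, iv_length: 12}
  ]

# lib/my_app/vault.ex: add MyApp.Vault to the application's supervision tree.
defmodule MyApp.Vault do
  use Cloak.Vault, otp_app: :my_app
end

# lib/my_app/encrypted/binary.ex: Ecto type that encrypts on write and
# decrypts on load through the vault above.
defmodule MyApp.Encrypted.Binary do
  use Cloak.Ecto.Binary, vault: MyApp.Vault
end

# lib/my_app/patient.ex: hypothetical schema with one encrypted column.
defmodule MyApp.Patient do
  use Ecto.Schema

  schema "patients" do
    # Migration column type is :binary (bytea in PostgreSQL).
    field :medical_record, MyApp.Encrypted.Binary
    timestamps()
  end
end
```

Decryption happens in the application, so restricting who sees the plaintext is still the job of the application's own authorization checks; the encryption protects the data at rest in PostgreSQL and in database backups.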