Storing sensitive information in the database

How to protect sensitive information (personal details and medical records) in database (PostgreSQL)? How to encrypt that data in the database and decrypt it only for authorized logged in users? Any libraries can help to achieve this? Where and how to store the key needed to decrypt the data?

Thank you.

I did not use it yet, but cloak seems a good choice…

5 Likes

:+1: We use cloak and it’s Ecto integration cloak-ecto to encrypt sensitive data in the DB.

2 Likes

Just like kokolegorille and stefanchrobot, I can also recommend cloak.

It also has support for Ecto which means less configuration and more coding! :slightly_smiling_face:

@kokolegorille @stefanchrobot @Allyedge

Thank you. I have already installed cloak and cloak-ecto.

May I ask, how do you provide the application with the base_64 encoded encryption key? By some credential manager, as environment variable or using another method? What is the safest manner to pass the encryption key to the application? Thank you.

We pass the key via an ENV variable in the runtime (System.fetch_env! in runtime.exs). Currently we’re using Ansible Vault to store the keys.