mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
f78a480818
This implements several changes to encourage deterministic encryption to
remain unchanged. The main motivation is letting you define unique
indexes on deterministically-encrypted columns:
- By default, deterministic encryption will always use the oldest
encryption scheme to encrypt new data, when there are many.
- You can skip this default behavior and make it always use the current
encryption scheme with:
```ruby
deterministic: { fixed: false } # using this should be a rare need
```
- Deterministic encryption still supports previous encryption schemes
normally. So they will be used to add additional values to queries, for
example.
- You can't rotate deterministic encryption keys anymore. We can add
support for that in the future.
This makes for reasonable defaults:
- People using "deterministic: true" will get unique indexes working out
of the box.
- The system will encourage keeping deterministic encryption stable:
- By always using oldest encryption schemes
- By forbidding configuring multiple keys
But you can still opt-out of the default if you need to.
|
||
|---|---|---|
| .. | ||
| active_record/connection_adapters | ||
| activejob | ||
| assets | ||
| cases | ||
| fixtures | ||
| migrations | ||
| models | ||
| schema | ||
| support | ||
| config.example.yml | ||
| config.rb | ||