mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
f78a480818
This implements several changes to encourage deterministic encryption to
remain unchanged. The main motivation is letting you define unique
indexes on deterministically-encrypted columns:
- By default, deterministic encryption will always use the oldest
encryption scheme to encrypt new data, when there are many.
- You can skip this default behavior and make it always use the current
encryption scheme with:
```ruby
deterministic: { fixed: false } # using this should be a rare need
```
- Deterministic encryption still supports previous encryption schemes
normally. So they will be used to add additional values to queries, for
example.
- You can't rotate deterministic encryption keys anymore. We can add
support for that in the future.
This makes for reasonable defaults:
- People using "deterministic: true" will get unique indexes working out
of the box.
- The system will encourage keeping deterministic encryption stable:
- By always using oldest encryption schemes
- By forbidding configuring multiple keys
But you can still opt-out of the default if you need to.
|
||
|---|---|---|
| .. | ||
| assets | ||
| bug_report_templates | ||
| rails_guides | ||
| source | ||
| .document | ||
| CHANGELOG.md | ||
| rails_guides.rb | ||
| Rakefile | ||
| w3c_validator.rb | ||