• Arturo Herrero's avatar
    Encrypt application settings with pre and post deployments · cc9a30c7
    Arturo Herrero authored
    We had concerns about the cached values on Redis with the previous two
    releases strategy:
    
    First release (this commit):
      - Create new encrypted fields in the database.
      - Start populating new encrypted fields, read the encrypted fields or
        fallback to the plaintext fields.
      - Backfill the data removing the plaintext fields to the encrypted
        fields.
    Second release:
      - Remove the virtual attribute (created in step 2).
      - Drop plaintext columns from the database (empty columns after
        step 3).
    
    We end up with a better strategy only using migration scripts in one
    release:
      - Pre-deployment migration: Add columns required for storing encrypted
        values.
      - Pre-deployment migration: Store the encrypted values in the new
        columns.
      - Post-deployment migration: Remove the old unencrypted columns
    cc9a30c7
encrypt_plaintext_attributes_on_application_settings_spec.rb 1.91 KB