In this step we will:
- Learn about the ActiveStash Assess tool.
- Create a
- Use ActiveStash Assess to identify where sensitive data lives in your database.
ActiveStash Assess is a tool to identify where sensitive data lives in your database, and track your progress on encrypting it.
ActiveStash Assess comes in two parts:
- A Rake task for identifying database fields that include sensitive data (like Personally Identifying Information, Protected Health Information)
- An RSpec Matcher for verifying what fields have been encrypted in your database
1. Create a
$ rails generate scaffold user name email suburb $ rails db:migrate
2. Run the ActiveStash Assess rake task:
This command will print results to stdout in a human-readable format and write a results file to
active_stash_assessment.yml in the Rails project root.
We recommend you commit this file to your repo, so you can track your progress on encrypting these fields over time.
To run an assessment and generate a report, run:
$ rake active_stash:assess
This prints the below results:
User: - User.name is suspected to contain: names (AS0001) - User.email is suspected to contain: emails (AS0001) - User.suburb is suspected to contain: addresses (AS0001) Online documentation: - https://docs.cipherstash.com/assess/checks#AS0001 Assessment written to: /your/path_to/ActiveStash_Demo/active_stash_assessment.yml
You can follow those links to learn more about why this data is considered sensitive, why adversaries want it, and what regulations and compliance frameworks cover this data.
active_stash:assess Rake task also writes a results file to
active_stash_assessment.yml in your Rails project root.