CipherStash
CipherStash Documentation

Find sensitive data in your app

In this step we will:

  • Learn about the ActiveStash Assess tool.
  • Create a User model.
  • Use ActiveStash Assess to identify where sensitive data lives in your database.

ActiveStash Assess is a tool to identify where sensitive data lives in your database, and track your progress on encrypting it.

ActiveStash Assess comes in two parts:

1. Create a User model:

$ rails generate scaffold user name email suburb
$ rails db:migrate

2. Run the ActiveStash Assess rake task:

This command will print results to stdout in a human-readable format and write a results file to active_stash_assessment.yml in the Rails project root. We recommend you commit this file to your repo, so you can track your progress on encrypting these fields over time.

To run an assessment and generate a report, run:

$ rake active_stash:assess

This prints the below results:

User:
- User.name is suspected to contain: names (AS0001)
- User.email is suspected to contain: emails (AS0001)
- User.suburb is suspected to contain: addresses (AS0001)

Online documentation:
- https://docs.cipherstash.com/assess/checks#AS0001

Assessment written to: /your/path_to/ActiveStash_Demo/active_stash_assessment.yml

You can follow those links to learn more about why this data is considered sensitive, why adversaries want it, and what regulations and compliance frameworks cover this data.

The active_stash:assess Rake task also writes a results file to active_stash_assessment.yml in your Rails project root.