Getting started with Ruby on Rails and CipherStash
This guide will step you through adding CipherStash to your Ruby on Rails application.
By the end of this guide, you will have:
- Encrypted sensitive data inside your existing database
- Queried that encrypted data
The steps you’ll go through are:
- Define which database columns should be encrypted
- Encrypt the sensitive data
- Query the newly encrypted data
Before you start
You’ll need to install some tools:
This tutorial takes you through adding CipherStash to an existing Rails application using PostgreSQL.
Start by cloning the repo and installing dependencies:
git clone https://github.com/cipherstash/cipherstash-rails-demo-app cd cipherstash-rails-demo-app bundle install
Create the database, run migrations, and seed the database with dummy patient data:
Install the CipherStash CLI
The CipherStash CLI is used to manage your encryption schema.
The encryption schema defines what encrypted indexes exist, and what queries you can perform on those indexes.
Install via Homebrew:
brew install cipherstash/tap/stash
You will need to grant an exception in System Settings the first time you run the binary.
We will release a fix for this in Q2 2023.
Download the binary for your platform:
- Make the binary executable:
# on x86_64 chmod +x $path_to/stash-x86_64-unknown-linux-gnu # on ARM64 chmod +x $path_to/stash-aarch64-unknown-linux-gnu
- Rename the binary:
# on x86_64 mv stash-x86_64-unknown-linux-gnu stash # on ARM64 mv stash-aarch64-unknown-linux-gnu stash
- Place the binary on your
$PATH, so you can run it.
You can start your signup from the CLI:
Your browser will open to https://cipherstash.com/signup/stash where you can sign up with either your GitHub account, or a standalone email.
Install the CipherStash database driver
The CipherStash database driver transparently maps SQL statements to encrypted database columns.
We need to add it to your Rails app, and tell Rails to use it.
Supports Rails 6.x and 7.x.
activerecord-cipherstash-pg-adapter to your Gemfile:
Remove (or comment out as below) the
pg gem from your Gemfile.
# gem "pg", "~> 1.1"
And update the default adapter settings in the
default: &default adapter: postgres_cipherstash ``