Slide 12
Slide 12 text
© 2024 Wantedly, Inc.
CustomKeyProvider#encryption_key
resp = kms_client.generate_data_key(
key_id: ENV.fetch('AWS_KMS_KEY_ID'),
key_spec: 'AES_256',
)
ActiveRecord::Encryption::Key.new(resp.plaintext).tap do |key|
key.public_tags.encrypted_data_key = resp.ciphertext_blob
end
暗号化されずに保存される