Avoid potential data corruption by allowing decryption by default

[ldlamarc]

In our app we have methods that read encrypted attributes from one record and save them in another record.

# first_name is encrypted
user = User.find(id)
other_user = User.find(other_id)
other_user.first_name = user.first_name
other_user.save!

My worry is that someone does this in a (production) console without running decrypt! first potentially corrupting other_user (which will now have the encrypted version of first_name encrypted again and saved instead of first_name).

How do you avoid this?

Potential solution could be to make encryption optional (we mainly use console1984 for the logging and auditing so we could turn it off).

Another solution could be to not decrypt console output but to still make any other output decrypted (maybe also make this a configuration option).

[lfv89]

If you are not encrypting anything on your models then you won't have this problem.

The encryption behavior comes from Rails' own ActiveRecord::Encryption module, the decrypt! method it's there not only to decrypt any encrypted field but also to mark any following command after its execution as a Sensitive Access rather than a Protected Access.