Recommend binary columns for encrypted attributes
At the moment we use text
columns for to store encrypted attributes (and their initialization vector) in the database. This is the default in the attr_encrypted
gem.
Proposal
Instead of storing encrypted data Base64, store it as binary instead. This would reduce the storage size, and would skip the encoding step.
I would also recommend setting the limit of the _iv
column to 12 bytes (need to double check on that length). The limit on the secret itself would be harder to tune.