From fbb40d701bf9d2d7580119b6078b0127584fcec5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Mon, 15 Apr 2024 04:02:18 +0200
Subject: [PATCH] Encrypt Active Record data using SHA256

Since we weren't encrypting any data, we can disable the support_sha1_for_non_deterministic_encryption option, which should only be enabled on existing applications that were encrypting data using SHA1 [1].

[1] https://guides.rubyonrails.org/v7.1/upgrading_ruby_on_rails.html#active-record-encryption-algorithm-changes
---
 config/initializers/new_framework_defaults_7_1.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/initializers/new_framework_defaults_7_1.rb b/config/initializers/new_framework_defaults_7_1.rb
index 94d2d58c3..46ac5c22b 100644
--- a/config/initializers/new_framework_defaults_7_1.rb
+++ b/config/initializers/new_framework_defaults_7_1.rb
@@ -41,12 +41,12 @@ Rails.application.config.action_controller.allow_deprecated_parameters_hash_equa
 # 2. If you have +config.active_support.key_generator_hash_digest_class+ configured as SHA256 (the new default
 # in 7.0), then you need to configure SHA-256 for Active Record Encryption:
 #++
-# Rails.application.config.active_record.encryption.hash_digest_class = OpenSSL::Digest::SHA256
+Rails.application.config.active_record.encryption.hash_digest_class = OpenSSL::Digest::SHA256
 #
 # 3. If you don't currently have data encrypted with Active Record encryption, you can disable this setting to
 # configure the default behavior starting 7.1+:
 #++
-# Rails.application.config.active_record.encryption.support_sha1_for_non_deterministic_encryption = false
+Rails.application.config.active_record.encryption.support_sha1_for_non_deterministic_encryption = false
 
 ###
 # No longer run after_commit callbacks on the first of multiple Active Record
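Review bot: The two settings enabled here are only safe if no attribute was ever encrypted with Active Record Encryption, and that precondition is stated only in the commit message, not in the file. Per the Rails upgrade guide linked in the commit message, data encrypted under the SHA1 settings would presumably stop decrypting once `hash_digest_class` is SHA256 and `support_sha1_for_non_deterministic_encryption` is `false`. I would add a comment above the first uncommented line such as `# Safe only because no data was encrypted with Active Record Encryption before this change; SHA1-era ciphertexts will not decrypt with these values.` Note also that `hash_digest_class` selects the digest used for key derivation, not the cipher, so the comment should not describe it as encrypting with SHA256. Before merging, a search for `encrypts` declarations in the models, including any in deployed forks, would confirm the assumption.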