Encrypt Active Record data using SHA256

Since we weren't encrypting any data, we can disable the support_sha1_for_non_deterministic_encryption option, which should only be enabled on existing applications that were encrypting data using SHA1 [1]. [1] https://guides.rubyonrails.org/v7.1/upgrading_ruby_on_rails.html#active-record-encryption-algorithm-changes
2024-04-15 04:02:18 +02:00
parent 994d86ce2c
commit fbb40d701b
1 changed files with 2 additions and 2 deletions
--- a/config/initializers/new_framework_defaults_7_1.rb
+++ b/config/initializers/new_framework_defaults_7_1.rb
@@ -41,12 +41,12 @@ Rails.application.config.action_controller.allow_deprecated_parameters_hash_equa
 # 2. If you have +config.active_support.key_generator_hash_digest_class+ configured as SHA256 (the new default
 # in 7.0), then you need to configure SHA-256 for Active Record Encryption:
 #++
-# Rails.application.config.active_record.encryption.hash_digest_class = OpenSSL::Digest::SHA256
+Rails.application.config.active_record.encryption.hash_digest_class = OpenSSL::Digest::SHA256
 #
 # 3. If you don't currently have data encrypted with Active Record encryption, you can disable this setting to
 # configure the default behavior starting 7.1+:
 #++
-# Rails.application.config.active_record.encryption.support_sha1_for_non_deterministic_encryption = false
+Rails.application.config.active_record.encryption.support_sha1_for_non_deterministic_encryption = false

 ###
 # No longer run after_commit callbacks on the first of multiple Active Record