View Source How does AshCloak work?

Rewrite attributes to calculations

First, AshCloak changes the name of each cloaked attribute to encrypted_<name>, and sets public?: false and sensitive?: true.

Then it adds a calculation matching the original attribute that, when loaded, will decrypt the given attribute and call any configured on_decrypt callbacks.

Modify Actions

AshCloak then goes through each action that accepts the attribute and removes the attribute from the accept list.

Then it adds an argument by the same name, and a change that encrypts the attribute value.

This change also deletes the argument from the arguments list and from the params. This is a small extra layer of security to prevent accidental leakage of the value.

Add `preparation` and `change`

Finally, it add a preparation and a change that will automatically load the corresponding calculations for any attribute in the decrypt_by_default list.

The result

The cloaked attribute will now seamlessly encrypt when writing and decrypt on request.

← Previous Page Get Started with AshCloak

Next Page → DSL: AshCloak

View Source How does AshCloak work?

Rewrite attributes to calculations

Modify Actions

Add preparation and change

The result

Add `preparation` and `change`