cloak v0.6.2 mix cloak.migrate View Source
Migrate all configured schemas to your new encryption configuration.
While Cloak will automatically decrypt rows which use an old decryption cipher or key, this isn’t usually enough. Usually, you want to retire the old key, so it won’t do to leave it configured indefinitely.
This task allows you to proactively upgrade all rows in your database to the new encryption configuration, so that you can remove the old key.
Before You Run This Task…
- Ensure that you have configured your new encryption cipher.
- Set the new cipher and/or key as the
:default
. Otherwise, running this task will have no effect.
Configuration
In order for the Mix task to update rows in the correct database, it must have access to the correct repo, and a list of schemas to migrate.
Each schema should be specified in this format:
{schema_name, :encryption_field_name}
Where :encryption_field_name
is the name of the field the schema uses to
track it’s encryption version.
config :cloak, :migration,
repo: MyApp.Repo,
schemas: [{MyApp.Schema1, :encryption_version},
{MyApp.Schema2, :encryption_version}]
Usage
mix cloak.migrate
The task allows you to customize the repo and schemas which will be migrated at runtime.
mix cloak.migrate -m MyApp.Schema -f encryption_version -r MyApp.Repo