What is the best way to safely store bank account information of users in a ruby on rails app?
I would like to store the information in a way in which admins can view the full bank info while still being encrypted in the database.
The point of this is so that I have a quick reference to their bank info in order to wire money to their bank accounts from my own bank website.
Is this a good idea?
Any ideas for doing this securely with minimum liability?
for something like this I like to use the attr_encrypted gem this is really simple to use
1) add the attr_encrypted to the Gemfile
2) now in your model you can do something like
class User attr_encrypted :bank_account_number, key: 'This is a key that is 256 bits!!' end
3) now all you need to know is how to get the data out
user = User.new user.bank_account_number = '123456789' user.bank_account_number # returns the unencrypted object ie. '123456789' user.encrypted_bank_account_number # returns the encrypted version of :bank_account_number
I hope that this helps Happy Hacking user.save