Where to store encryption keys?

rubyonrails-talk
1

I think if anyplace, in your configuration file. I don't think you'd want to hard-wire something like that to a model. I understand you need to store this somewhere, but I must admit storing it anywhere makes me feel a bit uneasy from a security standpoint.

Doesn't your encryption library include guidelines for this?

Michael Glaesemann grzm seespotcode net

2

If the key is stored in the same database as the encrypted data, there isn't any point in encrypting it in the first place. And no don't use a blob, base64 encode it and put it in a text/varchar column.

Chris