Question 1

How to rotate encryption keys in Cloak without downtime?

Accepted Answer

Cloak's tagged ciphertexts let you encrypt new data with a new key while decrypting old data with the old key. Use background jobs to re-encrypt existing data gradually, as shown in the re-encryption examples.

Question 2

Cloak vs ssl for encryption in Elixir?

Accepted Answer

Cloak is for data-at-rest encryption, like database fields with Ecto, while ssl secures network communications. Cloak provides application-level encryption, whereas ssl handles transport-layer security.

Question 3

How to encrypt an Ecto field using cloak_ecto?

Accepted Answer

Define a Vault module in your config, use the :binary type with cloak_ecto's field type in your schema, and add the vault to your supervision tree. The Hex docs provide specific setup steps.

Question 4

Does Cloak support AES-256-GCM with 12-byte IVs?

Accepted Answer

Yes, Cloak supports AES.GCM with configurable IV lengths. The README notes that 12-byte IVs are recommended for interoperability and will be default in Cloak 2.0.

Question 5

What's the performance impact of Cloak on database queries?

Accepted Answer

Encryption and decryption add computational overhead, potentially slowing down queries, especially for large datasets. However, for most apps, the impact is minimal due to Elixir's concurrency.

Question 6

Can I use Cloak with Elixir's Phoenix LiveView?

Accepted Answer

Cloak is server-side and works with Phoenix for data persistence, but for real-time client-side encryption in LiveView, you'd need additional handling, as Cloak focuses on server encryption.

cloak

What is cloak?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions