How do I implement field-level encryption in a Phoenix app?

This project shows how by creating custom Ecto types like EncryptedField and HashField, using AES-256-GCM for encryption and SHA-256 for hashing. Follow the tutorial to integrate these into your user schema and manage keys via environment variables.

What's the difference between this example and the 'fields' library?

This example is a tutorial for understanding the implementation details from scratch, while 'fields' is a library built by the same team that encapsulates the logic for easier use. For production apps, 'fields' reduces boilerplate and maintenance effort.

Is AES-256-GCM secure enough for encrypting user data in a database?

Yes, AES-256-GCM is an authenticated encryption mode recommended by OWASP and widely used in industry. This example implements it with proper initialization vectors and key management, making it suitable for sensitive data.

How can I rotate encryption keys in my Phoenix application?

The example includes key rotation by storing multiple keys in an environment variable and using key IDs in ciphertext. It demonstrates updating the ENCRYPTION_KEYS variable and decrypting data with older keys to ensure backward compatibility.

Can I use this code directly in production?

While the patterns are production-ready, the creators advise using the 'fields' library for production. This example is best for learning or as a reference, but you'll need to maintain the code, handle updates, and ensure security audits yourself.

How do I hash passwords with Argon2 in Elixir?

The tutorial integrates argon2_elixir as a dependency and creates a PasswordField Ecto type that automatically hashes passwords using Argon2id. It includes functions for verification and testing to ensure secure password storage.

phoenix-ecto-encryption-example — Ecto Data Encryption Example

What is phoenix-ecto-encryption-example?

Phoenix Ecto Encryption Example is a detailed tutorial and code example that demonstrates how to implement field-level encryption in Elixir Phoenix applications. It shows how to encrypt sensitive user data before storing it in a database using custom Ecto types, addressing the critical need for personal data protection in web applications. The project solves the problem of securing personal information like names and email addresses while maintaining application functionality.

Target Audience

Elixir/Phoenix developers and technical decision makers who need to implement robust data encryption in their applications. It's particularly valuable for developers building applications that handle personal data and require compliance with data protection regulations.

Value Proposition

Developers choose this example because it provides a complete, production-ready implementation of encryption following OWASP best practices, with clear explanations of each step. Unlike generic encryption libraries, it demonstrates the full integration with Phoenix and Ecto, including key rotation and custom type implementation.

🔐 A detailed example for how to encrypt data in an Elixir (Phoenix v1.7) App before inserting into a database using Ecto Types

Use Cases

Best For

Implementing GDPR-compliant data encryption in Phoenix applications
Learning how to build custom Ecto types for data transformation
Adding field-level encryption to existing Phoenix user schemas
Understanding AES-256-GCM encryption implementation in Elixir
Implementing secure password storage with Argon2 in Phoenix
Building applications that require encrypted personal data storage

Not Ideal For

Teams seeking a plug-and-play encryption library without manual Ecto type implementation
Projects built on non-Elixir stacks or using frameworks other than Phoenix
Developers under tight deadlines who need a production-ready, maintained encryption solution immediately
Applications requiring encryption algorithms or features beyond AES-256-GCM and Argon2, such as post-quantum cryptography

Pros & Cons

Pros

Comprehensive Educational Resource

Provides a step-by-step tutorial that explains encryption concepts from first principles, including detailed code for custom Ecto types and key rotation, making it ideal for deep learning.

OWASP Best Practices Compliance

Follows OWASP cryptographic storage and password storage cheat sheets by using AES-256-GCM encryption and Argon2 password hashing, ensuring industry-standard security.

Production-Ready Patterns

Includes practical implementations like key rotation with environment variable management and custom Ecto types for automatic encryption/decryption, derived from real-world use.

Hands-On Integration

Demonstrates full integration with Phoenix and Ecto, including schema changes, testing, and environment setup, covering the entire workflow from encryption to database storage.

Cons

Not a Maintained Library

The README explicitly recommends using the 'fields' library for production, indicating this example is primarily educational and may lack updates, bug fixes, or community support.

High Implementation Overhead

Requires copying and adapting code from the example, which involves manual setup of Ecto types, key management, and testing, increasing the risk of errors compared to using a pre-built solution.

Limited to Specific Tech Stack

Tied exclusively to Elixir, Phoenix, and Ecto, so it's not applicable for other programming languages, databases, or frameworks without significant rework.

Self-Managed Security Burden

Users must handle key generation, rotation, and algorithm updates themselves, which adds operational complexity and potential security gaps if not managed rigorously.

Frequently Asked Questions

What is phoenix-ecto-encryption-example?

Target Audience

Value Proposition

Use Cases

Best For

Implementing GDPR-compliant data encryption in Phoenix applications
Learning how to build custom Ecto types for data transformation
Adding field-level encryption to existing Phoenix user schemas
Understanding AES-256-GCM encryption implementation in Elixir
Implementing secure password storage with Argon2 in Phoenix
Building applications that require encrypted personal data storage

Not Ideal For

Teams seeking a plug-and-play encryption library without manual Ecto type implementation
Projects built on non-Elixir stacks or using frameworks other than Phoenix
Developers under tight deadlines who need a production-ready, maintained encryption solution immediately
Applications requiring encryption algorithms or features beyond AES-256-GCM and Argon2, such as post-quantum cryptography

Pros & Cons

Pros

Comprehensive Educational Resource

Provides a step-by-step tutorial that explains encryption concepts from first principles, including detailed code for custom Ecto types and key rotation, making it ideal for deep learning.

OWASP Best Practices Compliance

Follows OWASP cryptographic storage and password storage cheat sheets by using AES-256-GCM encryption and Argon2 password hashing, ensuring industry-standard security.

Production-Ready Patterns

Includes practical implementations like key rotation with environment variable management and custom Ecto types for automatic encryption/decryption, derived from real-world use.

Hands-On Integration

Demonstrates full integration with Phoenix and Ecto, including schema changes, testing, and environment setup, covering the entire workflow from encryption to database storage.

Cons

Not a Maintained Library

The README explicitly recommends using the 'fields' library for production, indicating this example is primarily educational and may lack updates, bug fixes, or community support.

High Implementation Overhead

Requires copying and adapting code from the example, which involves manual setup of Ecto types, key management, and testing, increasing the risk of errors compared to using a pre-built solution.

Limited to Specific Tech Stack

Tied exclusively to Elixir, Phoenix, and Ecto, so it's not applicable for other programming languages, databases, or frameworks without significant rework.

Self-Managed Security Burden

Users must handle key generation, rotation, and algorithm updates themselves, which adds operational complexity and potential security gaps if not managed rigorously.

Frequently Asked Questions

phoenix-ecto-encryption-example

What is phoenix-ecto-encryption-example?

Overview

Use Cases

Best For

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions

Related Projects

Found a gem we're missing?

phoenix-ecto-encryption-example

What is phoenix-ecto-encryption-example?

Overview

Use Cases

Best For

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions

Related Projects

Found a gem we're missing?