lockbox VS Devise

The first step is to install the gem with bundle add authtrail. Additionally, since you'll be storing user-identifiable information such as emails and IP addresses in your app database, it's highly recommended that you encrypt this data in production using a combination of Lockbox and Blindindex gems.

Your app queries an encrypted ActiveStash index, which says what rows in your existing database should be retrieved. It works with all the popular application-level encryption plugins for ActiveRecord, including ActiveRecord Encryption, and Lockbox.

Content is encrypted using https://github.com/ankane/lockbox default setup I've been considering adding optional end-to-end encryption as well, but am a bit afraid people might lose access to content forever if they lose access to keys.

lockbox and blind_index for email fields encryption

Install lockbox and blind_index.

https://github.com/ankane/lockbox this is for the actual encryption of data

Lockbox

I've been using the lockbox gem to encrypt specified attributes.

I stumbled upon lockbox when looking for alternatives to attr_encrypted (It hadn't been updated for a while). It's really super & I'm pretty keen to share it :D

Since Rails 7, there's more and more tooling that enables us, developers, to roll our own authentication. Devise is great and has been an amazing companion over the years. It also has this neat little feature - an authenticated route constraint which "hides" certain routes from people that are not signed in.

[changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D

As much as this article is about user authorization, there's something important we need to cover: user authentication. Without it, any authorization policies we try to define later on will be useless. But there is no need to write authentication from scratch. Let's use Devise.

With around 50 new gems released daily, it is common to use trending libraries for managing everyday tasks. You probably use Devise for authentication, Cancan for authorization, Kaminari for pagination, or run tests with Rspec.

Devise is an authentication library built on top of Warden, a Rack-based authentication framework.

devise: An authentication library designed for Rails

I used Devise, this is a Ruby on Rails app

In this article, we will explore how to implement authentication in a Rails 7 application using the popular devise gem. Authentication is a crucial aspect of web development, allowing users to securely access and interact with your application. By following this step-by-step guide, you will learn how to set up devise, configure authentication routes, create user models, and enhance your application with authentication features.