I have attr_accessible :access_token attr_encrypted :access_token, key: ENV[‘ENCRYPTION_KEY’] and I’m doing some User.find_by_access_token ,

Question

0

Asked: June 9, 20262026-06-09T08:25:26+00:00 2026-06-09T08:25:26+00:00

I have attr_accessible :access_token attr_encrypted :access_token, key: ENV[‘ENCRYPTION_KEY’] and I’m doing some User.find_by_access_token ,

0

I have

attr_accessible :access_token
attr_encrypted :access_token, key: ENV['ENCRYPTION_KEY']

and I’m doing some User.find_by_access_token, so I’d like to index the field in the db.

However, no access_token exists, only encrypted_access_token.

Does indexing this do the same thing as indexing any other field?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-09T08:25:27+00:00

The whole point of saving encrypted data is to prevent the cleartext from showing. Obviously you cannot search for it, or the whole concept would be flawed.

You can index the encrypted token with a plain index and search the table with the encrypted token – for which you obviously need the encryption key.

CREATE INDEX tbl_encrypted_access_token_idx ON tbl(encrypted_access_token);

SELECT *
FROM   tbl
WHERE  encrypted_access_token = <encrypted_token>;

If all your tokens can be decrypted with an IMMUTABLE Postgres function, you could use an index on an expression:

CREATE INDEX tbl_decrypted_token_idx
ON tbl(decrypt_func(encrypted_access_token));

SELECT *
FROM   tbl
WHERE  decrypt_func(encrypted_access_token) = <access_token>;

Note that the expression has to match the expression in the index for the index to be useful.

But that would pose a security hazard on multiple levels.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have attr_accessible :access_token attr_encrypted :access_token, key: ENV[‘ENCRYPTION_KEY’] and I’m doing some User.find_by_access_token ,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply