Weak model-specific encryption key detected
- Rule ID: ruby_rails_weak_custom_key
- Languages: ruby
- Source: weak_custom_key.yml
Description
To ensure effective encryption, model-specific encryption keys should be 12 bytes or greater.
Remediations
❌ When using model-specific encryption keys, the minimum length you should use is 12 bytes
class User < ApplicationRecord
encrypts :email, key: "weak-key"
end
Resources
Associated CWE
OWASP Top 10
Ready to take the next step? Join the Bearer Cloud waitlist.