Encrypting databases


Hi all, your thoughts appreciated:

I’d like to encrypt one of my databases, as described in the first Rails
by putting encrypt and decrypt methods on the :after_find, :before_save,
:after_save hooks in my model (what a lovely transparent way Rails does
things!). But unlike the book, I actually want to use real encryption,
something from the OpenSSL library, something that requires a symmetric
that I will ask the user to enter at login. Either that or just use some hash of
the user’s login password. Either way, I’ll store this encryption key in
session, my thinking being that not storing the keys permanently will
prevent any nosy sysadmin seeing the data, even with the source code.

My question is this: how might I get the encryption key from my session into the
model to do the (de|en)cryption? The session hash is not available to the model
as this violates MVC apparently. I don’t want to have to pass the key as
parameter on every method call to the model, or do all the decryption in
controller, as this would be repeating myself, and not using the nice
transparency that ActiveRecord offers. Is it possible to inject the
somehow, or register some callback from the model into the controller, or am I
going about this the wrong way entirely?!



There’s an AR plugin to do this already…
Sentry I think.
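
The arrangement asked about in the question, sketched in plain Ruby as an added example; it is not code from the thread and not the Sentry plugin's code. `KeyContext`, `FieldCrypto` and their method names are hypothetical, and the sketch assumes a controller filter wraps each action in `KeyContext.with_key(...)` so that model callbacks can call `FieldCrypto.encrypt`/`decrypt` without taking the key as a parameter.

```ruby
require "openssl"

# Hypothetical per-request key holder. A controller filter would wrap each
# action in KeyContext.with_key(key_from_session) { ... }.
module KeyContext
  def self.with_key(key)
    Thread.current[:record_key] = key
    yield
  ensure
    Thread.current[:record_key] = nil # never leak the key into the next request
  end

  def self.key
    Thread.current[:record_key] || raise("no encryption key set for this request")
  end
end

# Hypothetical helpers the model's before_save / after_find hooks would call.
module FieldCrypto
  # Derive a 32-byte key from the login password; the salt is stored per user.
  def self.derive_key(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 200_000, 32,
                               OpenSSL::Digest.new("SHA256"))
  end

  # AES-256-GCM with a fresh random IV per value; returns iv || tag || ciphertext.
  def self.encrypt(plaintext)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = KeyContext.key
    iv = cipher.random_iv
    ciphertext = cipher.update(plaintext) + cipher.final
    iv + cipher.auth_tag + ciphertext
  end

  # Raises OpenSSL::Cipher::CipherError if the key is wrong or the stored
  # value was modified, instead of returning garbage.
  def self.decrypt(blob)
    iv, tag, ciphertext = blob[0, 12], blob[12, 16], blob[28..-1]
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = KeyContext.key
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.update(ciphertext) + cipher.final
  end
end
```

The key still sits in server memory and in whatever backs the session store for the life of the session, so this protects the stored rows rather than a running server someone else controls.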