Skip to content

Execution context

Avo::Services::EncryptionService it's used internally by Avo when is needed to encrypt sensible params.

One example is the select all feature, where we pass the query, encrypted, through params.

How does the Avo::Services::EncryptionService work?

The EncryptionService is an service that can be called anywhere on the app.

Public methods


Used to encrypt data


Used to decrypt data

Mandatory arguments:


Object to be encrypted


A symbol with the purpose of encryption, can be anything, it just need to match when decrypting.

Optional arguments

This service uses ActiveSupport::MessageEncryptor as encryptor so Avo::Services::EncryptionService accepts any argument specified on ActiveSupport::MessageEncryptor documentation

Usage example

Basic text:

secret_encryption = Avo::Services::EncryptionService.encrypt(message: "Secret string", purpose: :demo)
# "x+rnETtClF2cb80PtYzlULnVB0vllf+FvwoqBpPbHWa8q6vlml5eRWrwFMcYrjI6--h2MiT1P5ctTUjwfQ--k2WsIRknFVE53QwXADDDJw=="

Avo::Services::EncryptionService.decrypt(message: secret_encryption, purpose: :demo)
# "Secret string"

Objects with custom serializer:

secret_encryption = Avo::Services::EncryptionService.encrypt(message:Course::Link.first, purpose: :demo, serializer: Marshal)
# "1UTtkhu9BDywzz8yl8/7cBZnOoM1wnILDJbT7gP+zz8M/t1Dve4QTFQP5nfHZdYK9KvFDwkizm8DTHyNZdixDtCO/M7yNMlzL8Mry1RQ3AF0qhhTzFeqb5UqyQv/Cuq+NWvQ+GXv3gFckXaNqsFSX5yDccEpRDpyNkYT4MFxOa+8hVR4roebkNKB89lb73anBDTHsTAd37y2LFiv2YaiFguPQ/...

Avo::Services::EncryptionService.decrypt(message: secret_encryption, purpose: :demo, serializer: Marshal)
# #<Course::Link:0x00007fd28dc44c00 id: 1, link: "", course_id: 1, created_at: Thu, 07 Dec 2023 11:05:13.779644000 UTC +00:00, updated_at: Thu, 07 Dec 2023 11:05:13.779644000 UTC +00:00, position: 1>

Secret key base


Avo::Services::EncryptionService fetches a secret key base to be used on the encrypt / decrypt process. Make sure that you have it defined in any of the following:

ENV["SECRET_KEY_BASE"] || Rails.application.credentials.secret_key_base || Rails.application.secrets.secret_key_base