Scenario

We want to encrypt (personal) data before storing it in PostgreSQL.
So that if for any reason the DB is ever "compromised" through SQL injection or other "attack",
the data is strongly encrypted and thus the "leak" is (somewhat) "mitigated".
read: https://security.stackexchange.com/questions/56278/field-level-encryption-vs-disk-encryption-for-pci-compliance

The starting point is to read the Erlang crypto docs: http://erlang.org/doc/man/crypto.html
It has lots of detail but few practical examples ...

Requirement

• Use Symmetric Key Encryption
• Determine additional CPU/Memory load impact from encrypting individual fields vs. entire record.

We read: https://github.com/rubencaro/cipher which is "overkill" for what we need.

Example code:

# encryption key
key = :crypto.hash(:sha256, "get key from aws parameter store") |> Base.encode16
# initialisation vector
iv = "clave2 con chicha" |> String.slice(0,16)
# data
data = "Hello World!"
IO.puts "data (before encryption): " <> data
# encrypt:
encrypted = :crypto.aes_cbc_128_encrypt  key, iv, data
IO.puts "encrypted: " <> encrypted

Looked at: https://github.com/danielberkompas/cloak