ankane / mailkick

Any plans to support lockbox encryption of the email column in the mailkick_opt_outs table?

Hey @chuckphillips, I think you can add the necessary columns and create an initializer with:

Mailkick::OptOut.encrypts :email
Mailkick::OptOut.blind_index :email

(and follow the typically pattern for migrating columns if needed)

This line will need to be changed to use Active Record to generate email condition - something like WHERE EXISTS(#{Mailkick::OptOut.where(email: email, ...).to_sql}) - so it'll use the blind index when one exists or the normal column otherwise. Actually, looks like that's a join so it won't be as straightforward - both email columns would need to have a blind index and use the same key.

mailkick/lib/mailkick/model.rb

Line 14 in 4dad736

    
           where("#{options[:not] ? 'NOT ' : ''}EXISTS(SELECT * FROM mailkick_opt_outs WHERE (#{table_name}.#{email_key} = mailkick_opt_outs.email OR (#{table_name}.#{primary_key} = mailkick_opt_outs.user_id AND mailkick_opt_outs.user_type = ?)) AND mailkick_opt_outs.active = ? AND #{query})", *binds)

Let me know if you have any luck with it.

Cleaning up issues

I just wanted to say that native support to Lockbox would be awesome 🙏

Just fyi: Just pushed Mailkick 1.0, which no longer stores emails (it just references models). This should be better for privacy.

Support for Lockbox?