accounts passwd encoding

app/models/account.rb

@@ -1,2 +1,3 @@
 class Account < ApplicationRecord
+  serialize :password, CryptSerializer
 end

app/services/crypt_serializer.rb

@@ -0,0 +1,43 @@
+require 'openssl'
+require 'base64'
+
+class CryptSerializer
+  attr_reader :cipher
+
+  class << self
+    # pulling from DB - return plain value
+    def load value
+      new.decrypt value
+    end
+
+    # saving to DB - return encrypted value
+    def dump value
+      new.encrypt value
+    end
+  end
+
+  def initialize
+    @cipher = OpenSSL::Cipher::AES.new(256, :CBC)
+  end
+
+  def encrypt(value)
+    return value if value.nil?
+    unless value.is_a?(String)
+      raise "Attribute was supposed to be a `String`, but was instead a `#{value.class}`"
+    end
+
+    cipher.encrypt
+    parts = [cipher.random_key, cipher.random_iv, cipher.update(value) + cipher.final]
+    Base64.urlsafe_encode64 Marshal.dump(parts)
+  end
+
+  def decrypt(value)
+    return value if value.nil?
+
+    parts = Marshal.load Base64.urlsafe_decode64(value)
+    cipher.decrypt
+    cipher.key = parts[0]
+    cipher.iv = parts[1]
+    cipher.update(parts[2]) + cipher.final
+  end
+end