DEV Community

Dylan Rhinehart
Dylan Rhinehart

Posted on

Ruby On Rails : Encryption With BCrypt

Keeping user data safe is crucial when developing web applications. In Ruby on Rails, bcrypt is a built-in gem that lets developers secure their applications by encrypting passwords. In this blog, we'll talk about how to use bcrypt in Ruby on Rails to beef up your app's security.

What is bcrypt?

Bcrypt is a password hashing function that uses a salted key derivation function to secure passwords. It's designed to be slow and computationally expensive, making it difficult for attackers to perform brute-force attacks on hashed passwords. Bcrypt is widely used in web applications to store and authenticate user passwords.

Using Bcrypt in Ruby on Rails

To get started with bcrypt, you need to add the bcrypt gem to your Rails application by adding this line to your Gemfile:

gem 'bcrypt'
Enter fullscreen mode Exit fullscreen mode

After adding the bcrypt gem to your application, you can use it to hash user passwords by calling the bcrypt method in your Rails model. For example, say you have a User model with an email and password field. To hash the password before saving it to the database, you can use this code:

class User < ApplicationRecord
Enter fullscreen mode Exit fullscreen mode

The has_secure_password method automatically hashes and stores the password in the database when a new user is created.

To authenticate users, you can use the authenticate method provided by the has_secure_password method. For example, say you have a SessionsController that handles user authentication. You can authenticate a user by checking their email and password against the hashed password in the database like so:

class SessionsController < ApplicationController
  def create
    user = User.find_by(email: params[:email])
    if user && user.authenticate(params[:password])
      # User is authenticated
      # Authentication failed
Enter fullscreen mode Exit fullscreen mode

The authenticate method checks the provided password against the hashed password stored in the database. If the passwords match, the user is authenticated.


Using bcrypt is a powerful way to secure your Ruby on Rails web application. It protects your users' data from attackers and reduces the risk of data breaches. The has_secure_password method provided by Rails makes it easy to use bcrypt in your application. This lets you focus on other aspects of your app while keeping your users' data safe.

Latest comments (0)