I have a Ruby on Rails App (v4.0.1 though I don't think that's relevant here) running on Ruby 2.0 and I allow users to OAuth into third party services to give me access to their data.
I have stored my application's Consumer Key and Consumer Secret in environment variables that are outside of source control.
After the last callback in the OAuth / OAuth2 dance, I have tokens for each of my users which can be used to access their information.
For their login credentials I use one way hashing to not have their passwords stored in my database in plain text, so I'm figuring I should do something similar with their tokens, but since I need to use those tokens to access their data, I need to be able to reproduce the plain text, so I'm trying to figure out what's the best way to do symmetric encryption.
I'm planning on storing my encryption key as an environment variable and then using something like https://gist.github.com/nono/2995118 to encrypt the tokens. Is this secure?
Have people used this https://github.com/reidmorrison/symmetric-encryption gem?
I'm trying to prevent myself from having to reinvent the wheel. Any tips?
