The has_secure_password macro adds methods to set and authenticate against a BCrypt password. This mechanism requires you to have a XXX_digest attribute, where XXX is the attribute name of your desired password.
has_secure_password(attribute = :password, validations: true)
The following validations are added automatically:
Password must be present on creation
Password length should be less than or equal to 72 bytes
Confirmation of password (using a
If confirmation validation is not needed, simply leave out the value for XXX_confirmation (i.e. don’t provide a form field for it). When this attribute has a nil value, the validation will not be triggered.
For further customizability, it is possible to suppress the default validations by passing validations: false as an argument.
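The default checks listed above, sketched in plain Ruby as an added example (it is not Rails' implementation and not code from the original page; the helper name password_errors and its new_record: flag are assumptions). It shows that the 72 limit counts bytes, so a password shorter than 72 characters can still be rejected, and that only a nil confirmation skips the confirmation check.

```ruby
# Added illustration: a plain-Ruby stand-in for the default validations
# described on this page. NOT Rails' code; `password_errors` and
# `new_record:` are hypothetical names used only for this example.

BCRYPT_MAX_BYTES = 72 # limit stated on this page

def password_errors(password, confirmation = nil, new_record: true)
  errors = []

  # 1. Presence is enforced on creation only.
  errors << :blank if new_record && (password.nil? || password.empty?)

  # 2. The limit is measured in bytes, not characters, so multibyte
  #    UTF-8 passwords reach it sooner than their length suggests.
  errors << :too_long if password && password.bytesize > BCRYPT_MAX_BYTES

  # 3. A nil confirmation (no form field submitted) skips the check.
  #    An empty string is a value and must still match.
  if !confirmation.nil? && confirmation != password
    errors << :confirmation
  end

  errors
end

# Constructed sample inputs (not taken from any real system).
SAMPLES = [
  ["a" * 72,        nil,       true],  # exactly at the byte limit
  ["a" * 73,        nil,       true],  # one byte over
  ["\u00e9" * 37,   nil,       true],  # 37 characters, 74 bytes
  ["s3cret",        nil,       true],  # confirmation field left out
  ["s3cret",        "",        true],  # confirmation field submitted empty
  [nil,             nil,       false], # update that leaves the password alone
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |password, confirmation, new_record|
    chars = password ? password.length : 0
    bytes = password ? password.bytesize : 0
    result = password_errors(password, confirmation, new_record: new_record)
    puts format("chars=%-3d bytes=%-3d confirmation=%-5s new=%-5s errors=%s",
                chars, bytes, confirmation.inspect, new_record, result.inspect)
  end
end
```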
Add bcrypt (~> 3.1.7) to Gemfile to use has_secure_password:
gem 'bcrypt', '~> 3.1.7'
Example using Active Record (which automatically includes ActiveModel::SecurePassword - https://api.rubyonrails.org/classes/ActiveModel/SecurePassword.html):
First, create and run the migration:
rails new has_secure_password-example
bcrypt-ruby/bcrypt-ruby: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm, allowing you to easily store a secure hash of your users’ passwords. - https://github.com/bcrypt-ruby/bcrypt-ruby