Replacing Cipher with Plug.Crypto for Secure Data Encryption in Elixir

In this article, Sheharyar Naseer describes the process and rationale behind switching from the Cipher library to Plug.Crypto for data encryption in Elixir applications. Due to Cipher's maintenance issues and security vulnerabilities (e.g., using a static initialization vector), Sheharyar sought advice from the Dashbit team, who recommended waiting for the release of Phoenix v1.5, which includes Plug.Crypto. The transition to Plug.Crypto was straightforward, and they leveraged a small wrapper to adopt best practices. Additional benefits of Plug.Crypto include using `:erlang.term_to_binary` for easier encryption of Erlang terms and structs. Sheharyar advises other Elixir developers to prefer well-maintained libraries like Plug.Crypto to avoid security pitfalls.