When upgrading an application from Rails 5.0.7.2 to 5.1.7, I noticed that decrypted fields that used to be filtered out of our JSON responses are now included.

I believe this was caused by #263, if I comment out this line, the secrets stay secret.

My theory is that this is enabled because the field is now in attributes, which is enumerated when ActiveRecord creates a serializable_hash of a model.

https://github.com/rails/rails/blob/66cabeda2c46c582d19738e1318be8d59584cc5b/activemodel/lib/active_model/serialization.rb#L126