diff --git a/.env b/.env
index fe9b06d4ff..14902e28e9 100644
--- a/.env
+++ b/.env
@@ -61,3 +61,9 @@ SMTP_PASSWORD="f00d"
 # NEW_RELIC_AGENT_ENABLED=true
 # NEW_RELIC_APP_NAME="Open Food Network"
 # NEW_RELIC_LICENSE_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+# Database encryption configuration, required for VINE connected app
+# Generate with bin/rails db:encryption:init
+# ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+# ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+# ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
diff --git a/.env.development b/.env.development
index 68640acf21..94f1750d52 100644
--- a/.env.development
+++ b/.env.development
@@ -24,3 +24,8 @@ SITE_URL="0.0.0.0:3000"
 RACK_TIMEOUT_SERVICE_TIMEOUT="0"
 RACK_TIMEOUT_WAIT_TIMEOUT="0"
 RACK_TIMEOUT_WAIT_OVERTIME="0"
+
+# Database encryption configuration, required for VINE connected app
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY="dev_primary_key"
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY="dev_determinnistic_key"
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT="dev_derivation_salt"
diff --git a/.env.test b/.env.test
index c0097a0416..d65627ce33 100644
--- a/.env.test
+++ b/.env.test
@@ -18,3 +18,7 @@ SITE_URL="test.host"
 OPENID_APP_ID="test-provider"
 OPENID_APP_SECRET="12345"
 OPENID_REFRESH_TOKEN="dummy-refresh-token"
+
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY="test_primary_key"
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY="test_deterministic_key"
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT="test_derivation_salt"
diff --git a/app/models/connected_apps/vine.rb b/app/models/connected_apps/vine.rb
index 3e83ac5e64..350d8ac6ba 100644
--- a/app/models/connected_apps/vine.rb
+++ b/app/models/connected_apps/vine.rb
@@ -4,6 +4,8 @@
 #
 module ConnectedApps
 class Vine < ConnectedApp
+ encrypts :data
+
 def connect(api_key:, secret:, vine_api:, **_opts)
 response = vine_api.my_team
 
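Review bot: The value `dev_determinnistic_key` in .env.development is misspelled (double "n"), unlike `test_deterministic_key` in .env.test. Once any attribute is encrypted deterministically under it, correcting the spelling changes the key and makes that data unreadable, so it is cheaper to fix now: `ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY="dev_deterministic_key"`. Because these values are committed and therefore public, a comment above them such as `# Local development only - never reuse these values on a deployed instance` would make the intent explicit.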
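Review bot: In app/models/connected_apps/vine.rb, `encrypts :data` also applies to rows saved before this change, and nothing in this diff backfills them or sets `config.active_record.encryption.support_unencrypted_data = true`. If any ConnectedApps::Vine records already hold a plaintext api_key and secret, reading `data` on them will likely raise a decryption error after deploy, and the plaintext stays in the table until each row is re-saved. A data migration that re-saves existing records, with unencrypted reads allowed only for that transition, would cover both; it is also worth confirming that the column type of `data`, which is not visible here, is one Active Record encryption handles. The class body continues outside the hunk.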
diff --git a/config/application.rb b/config/application.rb
index a1bda0a7d5..19cd559d97 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -255,5 +255,16 @@ module Openfoodnetwork
 config.exceptions_app = self.routes
 
 config.view_component.generate.sidecar = true # Always generate components in subfolders
+
+ # Database encryption configuration, required for VINE connected app
+ config.active_record.encryption.primary_key = ENV.fetch(
+ "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY", nil
+ )
+ config.active_record.encryption.deterministic_key = ENV.fetch(
+ "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY", nil
+ )
+ config.active_record.encryption.key_derivation_salt = ENV.fetch(
+ "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT", nil
+ )
 end
 end
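Review bot: The `nil` default in each `ENV.fetch(..., nil)` in config/application.rb means a production instance with an unset variable boots normally and only fails when a VINE record is first encrypted or decrypted. If the keys are meant to stay optional for instances without VINE, say so next to the assignments, e.g. `# Left nil when unset: encryption then fails at first use of ConnectedApps::Vine#data, not at boot.` Assigning nil explicitly may also take precedence over keys an operator has placed in Rails credentials under `active_record_encryption`; that is worth confirming, and if it does, assign only when the variable is present. The enclosing class starts outside the hunk.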