FinTech - Encrypting Devise Passwords and ENVs

We’re having a security assessment next month of our Rails App, and need to make sure that the site is using AES encryption. I’ve edited our user model to encrypt passwords and other data with both a DEK and a KEK that can be regularly rotated (ex: DEK is required to be updated yearly).

In regards to ENVs, what tool(s) have you used to encrypt them as I’m currently looking at GPGTools but don’t have experience with it?