Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: encryption service integration to support batch encryption and decryption #5164

Merged
merged 87 commits into from
Jul 19, 2024

Conversation

ArjunKarthik
Copy link
Contributor

@ArjunKarthik ArjunKarthik commented Jun 28, 2024

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

PCI compliance requires application to follow some standards where encryption and decryption should not happen within the application as snapshot might have DEK and data together. So separate service should be used for encryption and decryption. In application wherever we are calling encrypt and decrypt it will be replaced by API call to encryption service.

How did you test it?

Changes can be verified only through logs. Look for "Fall back to Application Encryption" or "Fall back to Application Decryption" in the logs post deployment after running below tests. If logs are present encryption/decryption failed with encryption service and fall back to the application encryption which has to be investigated.

Test with merchant created before the changes deployed
1. Create Payment
2. Retrieve Payment
3. Create Refund
4. Retrieve Payment
Test with merchant created after the changes deployed
1. Create Merchant
2. Create API Key
3. Create MCA
4. Create Payment
6. Retrieve Payment
7. Create Refund
8. Retrieve Payment
Requires sanity on all the flows

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

dracarys18 and others added 20 commits June 7, 2024 15:18
@ArjunKarthik ArjunKarthik requested review from a team as code owners June 28, 2024 14:15
@ArjunKarthik ArjunKarthik requested a review from dracarys18 July 1, 2024 06:39
@ArjunKarthik ArjunKarthik requested a review from vspecky July 19, 2024 06:53
@Gnanasundari24 Gnanasundari24 enabled auto-merge July 19, 2024 07:38
Copy link
Member

@vspecky vspecky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on behalf of @juspay/hyperswitch-routing

@Gnanasundari24 Gnanasundari24 added this pull request to the merge queue Jul 19, 2024
Merged via the queue into main with commit 33298b3 Jul 19, 2024
13 checks passed
@Gnanasundari24 Gnanasundari24 deleted the encryption-api-integration branch July 19, 2024 08:01
pixincreate added a commit that referenced this pull request Jul 19, 2024
* 'main' of github.com:juspay/hyperswitch: (26 commits)
  refactor(core): change primary keys in user, user_roles and roles tables (#5374)
  chore(version): 2024.07.19.1
  refactor(connector): make the `original_authorized_amount` optional for MITs with `connector_mandate_details` (#5311)
  feat(connector): Plaid connector Integration (#3952)
  feat: encryption service integration to support batch encryption and decryption (#5164)
  refactor(core): change primary key of refund table (#5367)
  chore(version): 2024.07.19.0
  chore(postman): update Postman collection files
  Docs: Updating Error codes for documentation purposes (#5314)
  fix(core): [payouts] failure of payout retrieve when token is expired (#5362)
  build: remove unused dependencies (#5343)
  refactor(blocklist): change primary key of blocklist table (#5356)
  chore: Increasing log coverage for payment method list (#5042)
  refactor(routing): Remove backwards compatibility for the routing crate (#3015)
  refactor(merchant_account): change primary key for merchant account (#5327)
  refactor(router): remove id dependency from merchant connector account, dispute and mandate (#5330)
  feat(connector): [Itau Bank] Template for payment flows (#5304)
  chore(version): 2024.07.18.0
  refactor(router): Remove the locker call in the psync flow (#5348)
  feat(router): Add support for passing the domain dynamically in the session call (#5347)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-infra Area: Infrastructure C-feature Category: Feature request or enhancement
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[FEATURE]: Integrate encryption service with hyperswitch
7 participants