-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: encryption service integration to support batch encryption and decryption #5164
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…h into add_encryption_service
…h into add_mtls_keymanager
…nto add_mtls_keymanager
…o add_migration_api
…o add_migration_api
… avoid duplicate code
ArjunKarthik
requested review from
SanchithHegde,
lsampras,
vspecky,
ThisIsMani and
dracarys18
July 18, 2024 14:18
SanchithHegde
approved these changes
Jul 18, 2024
dracarys18
approved these changes
Jul 18, 2024
ThisIsMani
approved these changes
Jul 19, 2024
lsampras
approved these changes
Jul 19, 2024
vspecky
approved these changes
Jul 19, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM on behalf of @juspay/hyperswitch-routing
pixincreate
added a commit
that referenced
this pull request
Jul 19, 2024
* 'main' of github.com:juspay/hyperswitch: (26 commits) refactor(core): change primary keys in user, user_roles and roles tables (#5374) chore(version): 2024.07.19.1 refactor(connector): make the `original_authorized_amount` optional for MITs with `connector_mandate_details` (#5311) feat(connector): Plaid connector Integration (#3952) feat: encryption service integration to support batch encryption and decryption (#5164) refactor(core): change primary key of refund table (#5367) chore(version): 2024.07.19.0 chore(postman): update Postman collection files Docs: Updating Error codes for documentation purposes (#5314) fix(core): [payouts] failure of payout retrieve when token is expired (#5362) build: remove unused dependencies (#5343) refactor(blocklist): change primary key of blocklist table (#5356) chore: Increasing log coverage for payment method list (#5042) refactor(routing): Remove backwards compatibility for the routing crate (#3015) refactor(merchant_account): change primary key for merchant account (#5327) refactor(router): remove id dependency from merchant connector account, dispute and mandate (#5330) feat(connector): [Itau Bank] Template for payment flows (#5304) chore(version): 2024.07.18.0 refactor(router): Remove the locker call in the psync flow (#5348) feat(router): Add support for passing the domain dynamically in the session call (#5347) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of Change
Description
Additional Changes
Motivation and Context
PCI compliance requires application to follow some standards where encryption and decryption should not happen within the application as snapshot might have DEK and data together. So separate service should be used for encryption and decryption. In application wherever we are calling encrypt and decrypt it will be replaced by API call to encryption service.
How did you test it?
Changes can be verified only through logs. Look for "Fall back to Application Encryption" or "Fall back to Application Decryption" in the logs post deployment after running below tests. If logs are present encryption/decryption failed with encryption service and fall back to the application encryption which has to be investigated.
Test with merchant created before the changes deployed
1. Create Payment
2. Retrieve Payment
3. Create Refund
4. Retrieve Payment
Test with merchant created after the changes deployed
1. Create Merchant
2. Create API Key
3. Create MCA
4. Create Payment
6. Retrieve Payment
7. Create Refund
8. Retrieve Payment
Requires sanity on all the flows
Checklist
cargo +nightly fmt --all
cargo clippy