Skip to content

feat: encrypt PII fields before saving it in the database #1043

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jarnura merged 74 commits into from
May 30, 2023
Merged

feat: encrypt PII fields before saving it in the database #1043

jarnura merged 74 commits into from
May 30, 2023

Conversation

@dracarys18
Copy link
Contributor

@dracarys18 dracarys18 commented May 3, 2023

Type of Change

  • New feature

Description

This PR adds support for encrypting PII fields in following tables

  • MerchantAccount
  • MerchantConnectorAccount
  • Address
  • Customer

Here's how the basic flow goes, the main encryption key master_key will be encrypted with KMS and configured in development.toml. For every merchant we will create seperate encryption key and encrypt that key with master_key and push it to the database and we will use that key to encrypt the PII fields.

This PR also has migration script that will migrate currently decrypted database to encrypted database.

Additional Changes

  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

This is for GDPR compliance for saving PII data in an encrypted format.

How did you test it?

Manual

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed submitted code

NishantJoshi00 and others added 30 commits March 31, 2023 14:24
@NishantJoshi00
feat(domain): add domain types for certain structs
335f5ab
@NishantJoshi00
feat(domain): make id as option in domain types
b97d26e
@NishantJoshi00
feat(domain): add function for creating new storage type
1fc0d6e
@NishantJoshi00
feat(encryption): Encryptable domain type (#827)
884d186
@NishantJoshi00
feat(domain): add conversion for the address and MerchantConnectorAcc…
306f7e6 
…ount (#823)
@dracarys18
feat: implement domain type conversion for customer and merchant acco…
096027d 
…unt (#829)
@NishantJoshi00
chore: migration to convert encryptable data to binary
605ca34
@NishantJoshi00
feat(customer): add encryption type to customer domain type (#858)
3b5ecc3
@dracarys18 @NishantJoshi00
feat(domain): add encryption for merchant account (#865)
a8e45bb 
Co-authored-by: Nishant Joshi <[email protected]>
@NishantJoshi00
chore: add script function for migration
80304d1
@dracarys18 @NishantJoshi00
feat: Add merchant key store (#873)
209300c 
Co-authored-by: Nishant Joshi <[email protected]>
@NishantJoshi00
Merge branch 'main' of https://github.com/juspay/orca into domain-types
7dfac61
@NishantJoshi00
chore: post merge cleanup
e94c3cb
@NishantJoshi00
Merge branch 'domain-types' of https://github.com/juspay/orca into pi…
272aa0c 
…i-script
@dracarys18
feat: add migration script for pii
a539eaa
@dracarys18
fix: remove subcommand from pii migration
164fb2a
@NishantJoshi00
Merge branch 'main' of https://github.com/juspay/orca into domain-types
77777af
@NishantJoshi00
chore: refactoring imports
83d2871
@dracarys18
fix: pii migration script
16ac162
@dracarys18
Merge branch 'domain-types' of github.com:juspay/hyperswitch into pii…
94cd6bd 
…-script
@dracarys18
Merge branch 'main' of github.com:juspay/hyperswitch into domain-types
0cf91cf
@dracarys18
Merge branch 'domain-types' into pii-script
aa53840
@dracarys18
fix: make encrypt decrypt public
e554c41
@dracarys18
fix: add pii feature to production
7d165ff
@dracarys18
fix: remove default from created_at and modified_at
b5c448d
@NishantJoshi00
feat(config): add migration timestamp in Settings
3980f1b
@dracarys18
fix: remove defaults from created_at and modified_at (#991)
03cd6ff
@dracarys18
fix: do updat in a transcation
b8b4931
@dracarys18
Merge branch 'pii-script' of github.com:juspay/hyperswitch into pii-s…
2619933 
…cript
@dracarys18
Merge branch 'main' of github.com:juspay/hyperswitch into domain-types
db6f22d
@dracarys18 dracarys18 removed the S-needs-conflict-resolution Status: This PR needs conflicts to be resolved by the author label May 29, 2023
SanchithHegde
SanchithHegde reviewed May 30, 2023
View reviewed changes
crates/router/src/scripts/pii_encryption.rs
.into_inner()
.expose();

assert!(dummy_data_returned == dummy_data)
Copy link
Member

@SanchithHegde SanchithHegde May 30, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use assert_eq!() instead.

crates/router/src/core/admin.rs
use error_stack::{report, FutureExt, ResultExt};
use masking::Secret;
use storage_models::{enums, merchant_account};
use masking::Secret; //PeekInterface
Copy link
Member

@SanchithHegde SanchithHegde May 30, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
use masking::Secret; //PeekInterface
use masking::Secret;

@SanchithHegde SanchithHegde added S-waiting-on-author Status: This PR is incomplete or needs to address review comments and removed S-blocked Status: Blocked on something else or other implementation work R-L1-completed labels May 30, 2023
@jarnura jarnura enabled auto-merge May 30, 2023 08:11
@jarnura jarnura added this to the May 2023 Release milestone May 30, 2023
@jarnura jarnura added this pull request to the merge queue May 30, 2023
@jarnura jarnura added S-ready-for-merge and removed S-waiting-on-author Status: This PR is incomplete or needs to address review comments labels May 30, 2023
Merged via the queue into main with commit fa392c4 May 30, 2023
@jarnura jarnura deleted the pii-script branch May 30, 2023 08:49
SanchithHegde
SanchithHegde reviewed Jun 4, 2023
View reviewed changes
crates/router/src/core/customers.rs
merchant_id: merchant_id.to_string(),
..Default::default()
})
.change_context(errors::ApiErrorResponse::AddressNotFound)?;
Copy link
Member

@SanchithHegde SanchithHegde Jun 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change raises an incorrect error message that the address was not found, when in reality, the deseriliazation of the address failed. Could you please fix this, and ensure that "resource not found" errors are not being raised incorrectly elsewhere?

@SanchithHegde SanchithHegde mentioned this pull request Aug 7, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SanchithHegde SanchithHegde SanchithHegde left review comments

@inventvenkat inventvenkat inventvenkat approved these changes

@jarnura jarnura jarnura approved these changes

@ashokkjag ashokkjag Awaiting requested review from ashokkjag

+2 more reviewers

@vspecky vspecky vspecky left review comments

@NishantJoshi00 NishantJoshi00 NishantJoshi00 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@dracarys18 dracarys18

@NishantJoshi00 NishantJoshi00

Labels

A-core Area: Core flows M-configuration-changes Metadata: This PR involves configuration changes M-database-changes Metadata: This PR involves database schema changes

Projects

None yet

Milestone

May 2023 Release

Development

Successfully merging this pull request may close these issues.

7 participants

@dracarys18 @inventvenkat @jarnura @SanchithHegde @vspecky @NishantJoshi00