[MODORGSTOR-33] Implement encryption of interface credentials - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Story
Status: Draft (View Workflow)
Priority: P3
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Labels:
- tech-debt

Template:

Thunderjet/Firebird Back-end Story Template
Development Team:
Thunderjet
Release:
Poppy (R2 2023)
Epic Link:
Organizations (Vendor) management functionality that FOLIO needs to stay competitive

Description

Overview:
For security reasons we need to store interface credential password encrypted with possibility of decription.
The main idea is to generate encryption key on each POST interface credential request, encrypt received password before saving it to DB, and save encryption key to the secure storage. On each GET interface credential request: pull encryption key and return response with decrypted password.

One of the secure stores could be used for this purpose.

Acceptance Criteria:

password is encrypted on POST and PUT interface credential request
password is decrypted on GET interface credential request
Unit tests are updated
API tests are updated

TestRail: Results

Attachments

Issue Links

defines

UXPROD-3431 Acquisitions (Thunderjet) - Tech Debt, NFR - Backlog

In Refinement

is blocked by

FOLIO-2278 Spike: Secret Storage

Open

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Raman Auramau

Reporter:: Siarhei Hrabko

Tester Assignee:: Craig McNally

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Jun/19 2:09 PM

Updated:: 22/Feb/23 4:23 AM

Implement encryption of interface credentials