feat(hashicorp): implement hashicorp secrets manager solution (#3297)

Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>

crates/router/src/core/pm_auth.rs

@@ -5,6 +5,8 @@ use api_models::{
     payment_methods::{self, BankAccountAccessCreds},
     payments::{AddressDetails, BankDebitBilling, BankDebitData, PaymentMethodData},
 };
+#[cfg(feature = "hashicorp-vault")]
+use external_services::hashicorp_vault::{self, decrypt::VaultFetch};
 use hex;
 pub mod helpers;
 pub mod transformers;
@@ -345,15 +347,36 @@ async fn store_bank_details_in_payment_methods(
         }
     }
 
+    let pm_auth_key = async {
+        #[cfg(feature = "hashicorp-vault")]
+        let client = external_services::hashicorp_vault::get_hashicorp_client(&state.conf.hc_vault)
+            .await
+            .change_context(ApiErrorResponse::InternalServerError)
+            .attach_printable("Failed while creating client")?;
+
+        #[cfg(feature = "hashicorp-vault")]
+        let output = masking::Secret::new(state.conf.payment_method_auth.pm_auth_key.clone())
+            .fetch_inner::<hashicorp_vault::Kv2>(client)
+            .await
+            .change_context(ApiErrorResponse::InternalServerError)?
+            .expose();
+
+        #[cfg(not(feature = "hashicorp-vault"))]
+        let output = state.conf.payment_method_auth.pm_auth_key.clone();
+
+        Ok::<_, error_stack::Report<ApiErrorResponse>>(output)
+    }
+    .await?;
+
     #[cfg(feature = "kms")]
     let pm_auth_key = kms::get_kms_client(&state.conf.kms)
         .await
-        .decrypt(state.conf.payment_method_auth.pm_auth_key.clone())
+        .decrypt(pm_auth_key)
         .await
         .change_context(ApiErrorResponse::InternalServerError)?;
 
     #[cfg(not(feature = "kms"))]
-    let pm_auth_key = state.conf.payment_method_auth.pm_auth_key.clone();
+    let pm_auth_key = pm_auth_key;
 
     let mut update_entries: Vec<(storage::PaymentMethod, storage::PaymentMethodUpdate)> =
         Vec::new();