feat: encrypt PII fields before saving it in the database (#1043)

Co-authored-by: Nishant Joshi <nishant.joshi@juspay.in>
2025-10-31 01:57:45 +08:00 · 2023-05-30 13:43:17 +05:30
parent 77e60c82fa
commit fa392c40a8
107 changed files with 3818 additions and 1267 deletions
--- a/crates/router/src/compatibility/stripe/customers/types.rs
+++ b/crates/router/src/compatibility/stripe/customers/types.rs
@ -1,7 +1,11 @@
 use std::{convert::From, default::Default};

 use api_models::payment_methods as api_types;
-use common_utils::{date_time, pii, pii::Email};
+use common_utils::{
+    crypto::Encryptable,
+    date_time,
+    pii::{self, Email},
+};
 use serde::{Deserialize, Serialize};

 use crate::{logger, types::api};
@ -10,7 +14,7 @@ use crate::{logger, types::api};
 pub struct CreateCustomerRequest {
    pub email: Option<Email>,
    pub invoice_prefix: Option<String>,
-    pub name: Option<String>,
+    pub name: Option<masking::Secret<String>>,
    pub phone: Option<masking::Secret<String>>,
    pub address: Option<masking::Secret<serde_json::Value>>,
    pub metadata: Option<pii::SecretSerdeValue>,
@ -22,7 +26,7 @@ pub struct CustomerUpdateRequest {
    pub description: Option<String>,
    pub email: Option<Email>,
    pub phone: Option<masking::Secret<String, masking::WithType>>,
-    pub name: Option<String>,
+    pub name: Option<masking::Secret<String>>,
    pub address: Option<masking::Secret<serde_json::Value>>,
    pub metadata: Option<pii::SecretSerdeValue>,
 }
@ -35,7 +39,7 @@ pub struct CreateCustomerResponse {
    pub description: Option<String>,
    pub email: Option<Email>,
    pub metadata: Option<pii::SecretSerdeValue>,
-    pub name: Option<String>,
+    pub name: Option<masking::Secret<String>>,
    pub phone: Option<masking::Secret<String, masking::WithType>>,
 }

@ -95,10 +99,10 @@ impl From<api::CustomerResponse> for CreateCustomerResponse {
                },
            ),
            description: cust.description,
-            email: cust.email,
+            email: cust.email.map(|inner| inner.into()),
            metadata: cust.metadata,
-            name: cust.name,
-            phone: cust.phone,
+            name: cust.name.map(Encryptable::into_inner),
+            phone: cust.phone.map(Encryptable::into_inner),
        }
    }
 }
--- a/crates/router/src/compatibility/stripe/payment_intents/types.rs
+++ b/crates/router/src/compatibility/stripe/payment_intents/types.rs
@ -1,5 +1,5 @@
 use api_models::payments;
-use common_utils::{date_time, ext_traits::StringExt, pii as secret};
+use common_utils::{crypto::Encryptable, date_time, ext_traits::StringExt, pii as secret};
 use error_stack::{IntoReport, ResultExt};
 use serde::{Deserialize, Serialize};

@ -369,9 +369,9 @@ impl From<payments::PaymentsResponse> for StripePaymentIntentResponse {
            payment_token: resp.payment_token,
            shipping: resp.shipping,
            billing: resp.billing,
-            email: resp.email,
-            name: resp.name,
-            phone: resp.phone,
+            email: resp.email.map(|inner| inner.into()),
+            name: resp.name.map(Encryptable::into_inner),
+            phone: resp.phone.map(Encryptable::into_inner),
            authentication_type: resp.authentication_type,
            statement_descriptor_name: resp.statement_descriptor_name,
            statement_descriptor_suffix: resp.statement_descriptor_suffix,