Usually Sylius Gateways are not secured, and store the configuration as a plain text. To provide higher security we want to encrypt the client id and client secret. From what I see, Payum offers encrypting gateway configs, so it should be our start point. Some adjustment might be needed, but it'd be great to use the native functionality. Once any bigger issues spotted, we might consider a custom implementation.
Small wins 🏆
[x] Client ID and Client secret provided in Admin Panel should be encrypted on the database level
[x] Encrypted data can be used to call the Tpay API, so we are able to make a payment
Usually Sylius Gateways are not secured, and store the configuration as a plain text. To provide higher security we want to encrypt the client id and client secret. From what I see, Payum offers encrypting gateway configs, so it should be our start point. Some adjustment might be needed, but it'd be great to use the native functionality. Once any bigger issues spotted, we might consider a custom implementation.
Small wins 🏆
Client ID
andClient secret
provided in Admin Panel should be encrypted on the database levelRef: