[ ] Ticket is understood, and QA has been contacted (if the ticket has a QA label).
User Story(ies)
As a Notify developer,
I want to remove encrypted PII from the database when a redacted message reaches its final status
So that everybody remains in compliance with all applicable laws and VA policies.
Additional Info and Resources
See #1357. Those changes should ensure that PII is not visible in any http response, but PII can still live in the database in encrypted form. Once a notification generated using a redacted template reaches a final status, the personalization data should be replaced in the database with "\<redacted>".
[ ] Refactor process_delivery_status to decrypt, sanitize, and re-encrypt personalization data when updating to a final status. Note that currently the update actually happens as a side-effect in the _calculate_pricing helper function. Refactor to make the logic flow more obvious a free of side-effects. For a concise example of how to do this, see here and the following setter method.
User Story - Business Need
User Story(ies)
As a Notify developer, I want to remove encrypted PII from the database when a redacted message reaches its final status So that everybody remains in compliance with all applicable laws and VA policies.
Additional Info and Resources
See #1357. Those changes should ensure that PII is not visible in any http response, but PII can still live in the database in encrypted form. Once a notification generated using a redacted template reaches a final status, the personalization data should be replaced in the database with "\<redacted>".
https://github.com/department-of-veterans-affairs/notification-api/blob/master/app/models.py#L1406
Engineering Checklist
Acceptance Criteria
<redacted>
QA Considerations