- Type: Improvement
- Resolution: Fixed
- Priority: Major
- Component/s: Cloud Integrations
Currently Cloud Integration entity sensitive settings are encrypted, but the encrypted values are returned in API responses. Although this does hide the sensitive information, it would be better if the encrypted text were cryptographically digested before being returned in API responses, like how Datum Export sensitive settings are digested using SHA-256.
For example the /user/c2c/integrations/{integrationId} API might return a value like:

    {
      "success": true,
      "data": {
        "userId": 123,
        "configId": 4,
        "created": "2024-10-12 03:50:55.90895Z",
        "modified": "2024-10-12 03:51:20.525542Z",
        "enabled": true,
        "name": "Locus Energy Meter Example",
        "serviceIdentifier": "s10k.c2c.i9n.locus",
        "serviceProperties": {
          "password": "{AES}ABCD_XmAofK0b-scoU",
          "username": "foo",
          "partnerId": "12345",
          "oauthClientId": "02ffffffff3333333777777777777777",
          "oauthClientSecret": "{AES}abcd_ceNmf1sVp08U3XCN3w"
        }
      }
    }
Instead of returning the raw {AES} values, they should be SHA-256 digested and the digest shown instead, like:

    {
      "success": true,
      "data": {
        "serviceProperties": {
          "password": "{SSHA-256}mryRYaZh3A+RSuxUlBjSA9L9B0Qr1/x3jC8Q0yCRz++lfGE+Zrsf4w=="
        }
      }
    }
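One way to produce values of the shape shown above, as an added example that is not the project's own code. The digest-then-salt layout, the 8-byte salt and all function names are assumptions; the page only shows the {SSHA-256} prefix and one sample value.

```python
import base64
import hashlib
import hmac
import os

AES_PREFIX = "{AES}"
DIGEST_PREFIX = "{SSHA-256}"
SALT_LEN = 8  # assumption: 8-byte salt appended after the 32-byte digest


def digest_value(value, salt=None):
    """Return a salted SHA-256 digest of an encrypted setting value."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha256(value.encode("utf-8") + salt).digest()
    return DIGEST_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def digest_matches(masked, value):
    """Check whether a masked value was derived from the given encrypted value."""
    if not masked.startswith(DIGEST_PREFIX):
        return False
    try:
        raw = base64.b64decode(masked[len(DIGEST_PREFIX):], validate=True)
    except ValueError:  # malformed base64
        return False
    if len(raw) <= hashlib.sha256().digest_size:
        return False  # no salt present, not our layout
    salt = raw[hashlib.sha256().digest_size:]
    return hmac.compare_digest(masked, digest_value(value, salt))


def mask_service_properties(props):
    """Copy props, replacing every {AES} value with its salted digest."""
    return {
        k: digest_value(v) if isinstance(v, str) and v.startswith(AES_PREFIX) else v
        for k, v in props.items()
    }


# Constructed sample, taken from the example response shown above.
SAMPLE = {
    "password": "{AES}ABCD_XmAofK0b-scoU",
    "username": "foo",
    "partnerId": "12345",
    "oauthClientSecret": "{AES}abcd_ceNmf1sVp08U3XCN3w",
}

if __name__ == "__main__":
    for key, val in mask_service_properties(SAMPLE).items():
        print(f"{key}: {val}")
```

Because the salt is random per call, the same stored value yields a different digest in each response, so the masked field cannot be used as a stable identifier for the ciphertext.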