PhoenixKit.Integrations.Encryption (phoenix_kit v1.7.105)


AES-256-GCM encryption for sensitive integration credentials.

Encrypts fields like access_token, refresh_token, client_secret, api_key, bot_token, secret_key before storing in the database. Decrypts them when reading.

Uses the application's secret_key_base as the root key, deriving a dedicated integration encryption key via PBKDF2.

Configuration

Encryption is enabled by default when secret_key_base is configured. To disable, set:

config :phoenix_kit, integration_encryption_enabled: false

Summary

Functions

decrypt_fields(data)
Decrypt sensitive fields in an integration data map after reading.

enabled?()
Check if encryption is available and enabled.

encrypt_fields(data)
Encrypt sensitive fields in an integration data map before saving.

sensitive_fields()
Returns the list of field keys that are encrypted.

Functions

decrypt_fields(data)

@spec decrypt_fields(map()) :: map()

Decrypt sensitive fields in an integration data map after reading.

Only values with the enc:v1: prefix are decrypted. Non-encrypted values are returned as-is for backwards compatibility.

enabled?()

@spec enabled?() :: boolean()

Check if encryption is available and enabled.

encrypt_fields(data)

@spec encrypt_fields(map()) :: map()

Encrypt sensitive fields in an integration data map before saving.

Non-sensitive fields and nil/empty values are left unchanged. Already-encrypted values (with enc:v1: prefix) are not re-encrypted.

sensitive_fields()

@spec sensitive_fields() :: [String.t()]

Returns the list of field keys that are encrypted.
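
The behaviour documented above for encrypt_fields/1 and decrypt_fields/1 (PBKDF2-derived key, enc:v1: prefix, idempotent encryption, plaintext pass-through), as an added sketch that is not PhoenixKit's own code. The module name EncSketch, the explicit key argument, plaintext_fields/1, the salt, iteration count, payload layout, use of the prefix as AAD and raising on failure are all assumptions; :crypto.pbkdf2_hmac/5 needs OTP 24.2 or later.

```elixir
defmodule EncSketch do
  # Added sketch, not PhoenixKit's code. Assumed: salt, iteration count,
  # the iv||tag||ciphertext Base64 layout, and the prefix used as AAD.
  @prefix "enc:v1:"
  @sensitive ~w(access_token refresh_token client_secret api_key bot_token secret_key)

  # Derive a dedicated 32-byte key so the root secret is never used directly.
  def derive_key(secret_key_base),
    do: :crypto.pbkdf2_hmac(:sha256, secret_key_base, "sketch-salt", 100_000, 32)

  def encrypt_fields(data, key),
    do: Map.new(data, fn {k, v} -> {k, maybe_encrypt(k, v, key)} end)

  def decrypt_fields(data, key),
    do: Map.new(data, fn {k, v} -> {k, maybe_decrypt(v, key)} end)

  # Sensitive keys still stored without the prefix (legacy plaintext rows).
  def plaintext_fields(data) do
    for {k, v} <- data, k in @sensitive, is_binary(v), v != "",
        not String.starts_with?(v, @prefix), do: k
  end

  # Already-prefixed values are returned untouched, so encryption is idempotent.
  defp maybe_encrypt(_k, @prefix <> _ = v, _key), do: v
  defp maybe_encrypt(k, v, key) when k in @sensitive and is_binary(v) and v != "" do
    iv = :crypto.strong_rand_bytes(12)
    {ct, tag} = :crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, v, @prefix, true)
    @prefix <> Base.encode64(iv <> tag <> ct)
  end
  defp maybe_encrypt(_k, v, _key), do: v

  # Prefixed values must authenticate; anything else passes through unchanged.
  defp maybe_decrypt(@prefix <> b64, key) do
    with {:ok, <<iv::binary-size(12), tag::binary-size(16), ct::binary>>} <- Base.decode64(b64),
         pt when is_binary(pt) <-
           :crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, ct, @prefix, tag, false) do
      pt
    else
      _ -> raise ArgumentError, "enc:v1: value failed decoding or GCM authentication"
    end
  end
  defp maybe_decrypt(v, _key), do: v
end

# Constructed sample data.
key = EncSketch.derive_key(String.duplicate("k", 64))
row = %{"api_key" => "sk-constructed", "name" => "demo", "bot_token" => nil}
enc = EncSketch.encrypt_fields(row, key)
true = EncSketch.encrypt_fields(enc, key) == enc and EncSketch.decrypt_fields(enc, key) == row
["api_key"] = EncSketch.plaintext_fields(row)
```

Because unprefixed values pass through decryption unchanged, a read succeeds whether or not a row was ever encrypted; a check like the hypothetical plaintext_fields/1 shows which stored fields still hold plaintext.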