@develit-services/bank 0.8.19 → 1.0.0

package/README.md

@@ -337,6 +337,39 @@ Sifrovane bankovni tokeny (AES). Typy: `AUTH_TOKEN`, `REFRESH_TOKEN`, `CLIENT_ID
 
 Jednorazove tokeny pro autorizacni flow uctu.
 
+## Secrets Store — encryption key
+
+Bankovni credentials (`account_credentials`) jsou sifrovane pomoci **AES-256-GCM** (Web Crypto API). Sifrovaci klic je ulozen v Secrets Store jako `BANK_SERVICE_ENCRYPTION_KEY`.
+
+### Jak klic funguje
+
+- **Algoritmus**: AES-GCM (256-bit)
+- **IV**: 12 bytu, nahodne generovany pro kazdou sifrovaci operaci
+- **Format ulozeni**: base64(IV + ciphertext) v sloupci `account_credentials.value`
+- **Sifrovana data**: `AUTH_TOKEN`, `REFRESH_TOKEN`, `CLIENT_ID`, `API_KEY` bankovnich konektoru
+
+### Jak vygenerovat klic
+
+```bash
+# Vygeneruje 256-bit AES klic a vypise jako base64
+node -e "crypto.subtle.generateKey({name:'AES-GCM',length:256},true,['encrypt','decrypt']).then(k=>crypto.subtle.exportKey('raw',k)).then(b=>console.log(Buffer.from(b).toString('base64')))"
+```
+
+Alternativne:
+
+```bash
+# 32 nahodnych bytu = 256 bitu, zakodovano jako base64
+openssl rand -base64 32
+```
+
+Vysledny base64 retezec ulozit do Secrets Store pod nazvem `BANK_SERVICE_ENCRYPTION_KEY`.
+
+### Bezpecnostni doporuceni
+
+- Pouzijte **jiny klic pro kazde prostredi** (local, dev, staging, production)
+- Pri rotaci klice je nutne **re-encryptovat** vsechny existujici credentials — zmena klice bez migrace zpusobi neschopnost desifrovat stavajici tokeny
+- Klic nikdy neukladejte do kodu, env souboru ani git repozitare
+
 ## Error Codes
 
 Format: `{CATEGORY}-B-{NUMBER}`

package/dist/database/schema.cjs

@@ -1,23 +1,23 @@
 'use strict';
 
-const paymentRequest_schema = require('../shared/bank.BBXoZ5QU.cjs');
+const database_schema = require('../shared/bank.Qg6TA8fX.cjs');
 require('@develit-io/backend-sdk');
-require('drizzle-orm/relations');
 require('drizzle-orm/sqlite-core');
 require('date-fns');
 require('jose');
 require('@develit-io/general-codes');
+require('drizzle-orm/relations');
 require('drizzle-orm');
 require('node:crypto');
 require('drizzle-zod');
 
 
 
-exports.account = paymentRequest_schema.account;
-exports.accountCredentials = paymentRequest_schema.accountCredentials;
-exports.batch = paymentRequest_schema.batch;
-exports.ott = paymentRequest_schema.ott;
-exports.payment = paymentRequest_schema.payment;
-exports.paymentRelations = paymentRequest_schema.paymentRelations;
-exports.paymentRequest = paymentRequest_schema.paymentRequest;
-exports.paymentRequestRelations = paymentRequest_schema.paymentRequestRelations;
+exports.account = database_schema.account;
+exports.accountCredentials = database_schema.accountCredentials;
+exports.batch = database_schema.batch;
+exports.ott = database_schema.ott;
+exports.payment = database_schema.payment;
+exports.paymentRelations = database_schema.paymentRelations;
+exports.paymentRequest = database_schema.paymentRequest;
+exports.paymentRequestRelations = database_schema.paymentRequestRelations;

package/dist/database/schema.d.cts

@@ -1,7 +1,8 @@
-export { aw as account, ax as accountCredentials, ay as batch, az as ott, aA as payment, aB as paymentRelations, aC as paymentRequest, aD as paymentRequestRelations } from '../shared/bank.D8BIM2O3.cjs';
+export { az as account, aA as accountCredentials, aB as batch, aC as ott, aD as payment, aE as paymentRelations, aF as paymentRequest, aG as paymentRequestRelations } from '../shared/bank.DB0MCjZ8.cjs';
 import 'drizzle-orm/sqlite-core';
 import 'drizzle-orm';
 import '@develit-io/backend-sdk';
 import '@develit-io/general-codes';
 import 'zod';
 import 'drizzle-zod';
+import 'zod/v4/core';

package/dist/database/schema.d.mts

@@ -1,7 +1,8 @@
-export { aw as account, ax as accountCredentials, ay as batch, az as ott, aA as payment, aB as paymentRelations, aC as paymentRequest, aD as paymentRequestRelations } from '../shared/bank.D8BIM2O3.mjs';
+export { az as account, aA as accountCredentials, aB as batch, aC as ott, aD as payment, aE as paymentRelations, aF as paymentRequest, aG as paymentRequestRelations } from '../shared/bank.DB0MCjZ8.mjs';
 import 'drizzle-orm/sqlite-core';
 import 'drizzle-orm';
 import '@develit-io/backend-sdk';
 import '@develit-io/general-codes';
 import 'zod';
 import 'drizzle-zod';
+import 'zod/v4/core';

package/dist/database/schema.d.ts

@@ -1,7 +1,8 @@
-export { aw as account, ax as accountCredentials, ay as batch, az as ott, aA as payment, aB as paymentRelations, aC as paymentRequest, aD as paymentRequestRelations } from '../shared/bank.D8BIM2O3.js';
+export { az as account, aA as accountCredentials, aB as batch, aC as ott, aD as payment, aE as paymentRelations, aF as paymentRequest, aG as paymentRequestRelations } from '../shared/bank.DB0MCjZ8.js';
 import 'drizzle-orm/sqlite-core';
 import 'drizzle-orm';
 import '@develit-io/backend-sdk';
 import '@develit-io/general-codes';
 import 'zod';
 import 'drizzle-zod';
+import 'zod/v4/core';

package/dist/database/schema.mjs

@@ -1,10 +1,10 @@
-export { q as account, r as accountCredentials, s as batch, t as ott, u as payment, v as paymentRelations, w as paymentRequest, x as paymentRequestRelations } from '../shared/bank.CXBeULUL.mjs';
+export { x as account, y as accountCredentials, z as batch, D as ott, E as payment, F as paymentRelations, G as paymentRequest, H as paymentRequestRelations } from '../shared/bank.CiB2ECAF.mjs';
 import '@develit-io/backend-sdk';
-import 'drizzle-orm/relations';
 import 'drizzle-orm/sqlite-core';
 import 'date-fns';
 import 'jose';
 import '@develit-io/general-codes';
+import 'drizzle-orm/relations';
 import 'drizzle-orm';
 import 'node:crypto';
 import 'drizzle-zod';