Skip to content

fix(users): Check key manager runtime feature flag when calling transfer key #10859

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ThisIsMani wants to merge 7 commits into
base: main
Choose a base branch
from
Open

fix(users): Check key manager runtime feature flag when calling transfer key #10859

ThisIsMani wants to merge 7 commits into from
+88 −75

Conversation

@ThisIsMani
Copy link
Contributor

@ThisIsMani ThisIsMani commented Jan 7, 2026
edited
Loading

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

We use transfer_key_to_key_manager to transfer key to the encryption service. When that function was introduced in the user module, there was only compile time feature flag. Afterwards a runtime feature flag is also introduced which when disabled, the expectation is the encryption service is not supposed to be used.

When this runtime flag is introduced, the user code was not updated to check if the runtime feature flag is enabled before calling the transfer function. Because of this, the code is trying to transfer the key to encryption service even when the runtime feature flag is set to false.

Ideally, this check should've been in transfer function itself since that is how all the other functions (crypto_operation) functions are written.

This PR adds check in transfer_key_to_key_manager function which checks if the runtime feature flag for key manager is enabled or not.

This was being done manually before, and was not added in user part of code, which caused some problems, so, I moved the check to the transfer function itself and callers doesn't have to check this manually from now on.

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Closes #4071

How did you test it?

Ran both Hyperswitch and Encryption Service locally. Turned on the encryption_service compile time feature flag in Hyperswitch.

Turned on the runtime feature flag, created a user, which creates merchant and setup TOTP, both merchant and user related operations are done in this flow along with encryption and decryption. Everything worked in this case.

Turned off the runtime feature flag and logged in with the old user, which also worked. - This was the main problem before.

Created a new user in this state (runtime flag turned off).

Turned on the runtime feature flag and logged in again with both users. Second user has fell back to local decryption since the key is not present in encryption service, everything worked as expected.

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@ThisIsMani ThisIsMani self-assigned this Jan 7, 2026
@ThisIsMani ThisIsMani requested a review from a team as a code owner January 7, 2026 17:00
@ThisIsMani ThisIsMani added the A-framework Area: Framework label Jan 7, 2026
@ThisIsMani ThisIsMani requested review from a team as code owners January 7, 2026 17:00
@ThisIsMani ThisIsMani added C-bug Category: Bug A-users Area: Users labels Jan 7, 2026
@semanticdiff-com
Copy link

semanticdiff-com bot commented Jan 7, 2026
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  crates/router/src/types/domain/user.rs  80% smaller
  crates/router/src/core/admin.rs  59% smaller
  crates/common_utils/src/keymanager.rs  48% smaller
  crates/common_utils/src/types/keymanager.rs  0% smaller
  crates/hyperswitch_domain_models/Cargo.toml Unsupported file format
  crates/hyperswitch_domain_models/src/type_encryption.rs  0% smaller
  crates/payment_methods/Cargo.toml Unsupported file format
  crates/router/Cargo.toml Unsupported file format
  crates/subscriptions/Cargo.toml Unsupported file format

@codecov
Copy link

codecov bot commented Jan 7, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@46bb969). Learn more about missing BASE report.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #10859   +/-   ##
=======================================
  Coverage        ?        0           
=======================================
  Files           ?        0           
  Lines           ?        0           
  Branches        ?        0           
=======================================
  Hits            ?        0           
  Misses          ?        0           
  Partials        ?        0

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@ThisIsMani ThisIsMani requested a review from a team as a code owner January 8, 2026 16:26
@ThisIsMani
Copy link
Contributor Author

ThisIsMani commented Jan 8, 2026
edited
Loading

To check if the dependencies are being enabled correctly or not, I've disabled encryption_service feature flag in router and enabled the runtime feature flag.

I've added a piece of code in the /health/ready api, which logs the output of the is_encryption_service_enabled function.

With the old feature flag dependencies, with the above setup, the log outputs true even though the compile time feature flag in router is disabled.

With the new ones, the log shows false, which is expected.

@ThisIsMani
Copy link
Contributor Author

ThisIsMani commented Jan 8, 2026
edited
Loading

These dependencies are fragile though. There is a very high chance that somebody would later use wrong dependency graph, which will revert back to the old behaviour.

EDIT: Should not be a problem because in all the images we give out, encryption_service feature flag is enabled.

SanchithHegde
SanchithHegde previously approved these changes Jan 9, 2026
View reviewed changes
tsdk02
tsdk02 reviewed Jan 12, 2026
View reviewed changes
Copy link
Contributor

@tsdk02 tsdk02 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nit, other than that, looks good to me!

sai-harsha-vardhan
sai-harsha-vardhan reviewed Jan 16, 2026
View reviewed changes
crates/common_utils/src/types/keymanager.rs
})
}

pub fn is_encryption_service_enabled(&self) -> bool {
Copy link
Contributor

@sai-harsha-vardhan sai-harsha-vardhan Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of having feature flag based branching in a fn, we can have two definitions for v1 and v2 right

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sai-harsha-vardhan sai-harsha-vardhan sai-harsha-vardhan left review comments

@SanchithHegde SanchithHegde SanchithHegde approved these changes

@tsdk02 tsdk02 tsdk02 approved these changes

@racnan racnan Awaiting requested review from racnan

@ShankarSinghC ShankarSinghC Awaiting requested review from ShankarSinghC

At least 2 approving reviews are required to merge this pull request.

Assignees

@ThisIsMani ThisIsMani

Labels

A-framework Area: Framework A-users Area: Users C-bug Category: Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug(users): Encryption service is being called when runtime feature flag is disabled

5 participants

@ThisIsMani @SanchithHegde @sai-harsha-vardhan @tsdk02