Checking access…

Skip to main content
Version: v2

PayeeConfig Encryption

Overview​

Payee configuration data (address, tax ID, patient account number, payer 835 ID, etc.) contains sensitive PII/PHI. To protect this data at rest, Convenient Checkout encrypts the serialized payee details using AES-256-GCM before persisting them in the database. The encryption key is stored in Azure Key Vault, never in source code or application configuration.


Data Model​

PayeeConfig (wallet-event-commons)​

Stored per-payee on VendorMerchant.payeeConfigs.

FieldTypeDescription
payeeIdUUIDUnique identifier for the payee entry.
encryptedPayeeDetailsStringAES-256-GCM ciphertext prefixed with enc:v1:, or legacy plain text for pre-encryption rows.
keyVersionStringThe Azure Key Vault secret version used to encrypt this row; required for decryption.

PayeeConfigs (wallet-event-commons)​

Top-level container stored on VendorMerchant.

FieldTypeDescription
defaultPayeeIdUUIDThe payee used by default when none is specified on a payment.
payeesList<PayeeConfig>All payee entries for this vendor-merchant.

PayeeConfigDTO (wallet-merchant-service)​

The inbound API representation validated before encryption.

FieldConstraintsDescription
payeeNameRequired, max 35 chars, [A-Za-z0-9 !@#$%&()_+=\-;\",'./?]Payee name.
payeeAddressLine1Required, max 30 chars, [A-Za-z0-9 !@#$%&()_+=\-;\",'./?]Street address line 1.
payeeAddressLine2OptionalStreet address line 2.
payeeCityRequired, max 24 chars, letters & spaces onlyCity.
payeeStateRequired, max 2 chars, letters onlyUS state code.
payeeZipRequired, max 10 chars, alphanumericZIP / postal code.
payeeCountryRequiredCountry code.
payeePatientAccountNumberRequired, max 38 charsPatient account number used in payment routing.
payeeTaxIdRequired, max 15 chars, alphanumericPayee tax identifier.
payer835IdRequired, max 5 chars, alphanumeric835 payer ID used for claim routing.