[BUG]: API key security hazard: stored as cleared text

[RayOei]

The Mollie API-key, which is added by the foodcoop administrator, is stored as clear text. This is a SERIOUS security hazard. This key should NEVER be available for third parties, including developers, hosting parties and whom ever may get access to the database.

It seems this asks for the use of Active Record Encryption.

Note, not yet a separate issue but it seems this is also needed for all privacy sensitive data

[yksflip]

Yes I agree it would be better to store the key encrypted in the database. I disagree that this a very urgent security hazard.
Encrypting data in the database gives more security against attacks / leaks of the database. But third parties like the hosting-provider would anyway still be able to decrypt the key as they also own the encryption-key.
Having said that, we should definitely provide better protection of the api-key.

[RayOei]

I may be a bit more sensitive to this, as I have worked in banking 😁