# Migration Plan library @autofidev/encrypt A new release of the library @autofidev/encrypt has been created. release version: `2.0.0` encryption algorithm version contained in this release: - `v0` - Encryption Algorithm: `aes-256-ctr` - Encrypt functions: depracated `createCipher` and `createDecipher` - `v1` - Encryption Algorithm: `aes-256-ctr` - Encrypt functions: `createCipheriv` and `createDecipheriv` - `v2` - Encryption Algorithm: `aes-256-cbc` - Encrypt functions: `createCipheriv` and `createDecipheriv` ## Compatibility version `2.0.0` of the library is backward compatible to any of the previous version, this means that it should be able to decrypt any provided encrypted string generated wtih `v0`, `v1` and `v2`. #### considerations Apps running library version `1.3.0` or below will not be able to decrypt any string that could be generated with version `v2` of the library, that means we need to feature flags for this migrations and also coordinate between apps that have any kind of low level dependencies. By low devel dependencies we means sharing information through database or similar. for example cobra encrypts `ssn` in mongo loan app document and then smartcow decrypts from mongo, that will generated problems if cobra is using `v2` and smartcow haven't updated the library to `2.0.0`. ## Feature flag For this migration the idea is to use for every app that we consider necessary, a feature flag for a controlled migration. for this case we are going to use `environment variables` as feature flags, giving that not every app have launch darkly implemented and for simplicity in the code changes. The environment variable defined and that should be use cross app is `ENCRYPT_V2_MIGRATION`. here is an example of what we want to flag. ``` javascript import encrypt, { Version } from '@autofidev/encrypt'; import settings from '@app/settings'; const getEncryptLib = () => { if (settings.ENCRYPT_V2_MIGRATION) { return encrypt(settings.ENCRYPTIONKEY, { version: Version.v2 }); } return encrypt(settings.ENCRYPTIONKEY, { version: Version.v0 }); }; ``` by default, when the flag `ENCRYPT_V2_MIGRATION` is `false`, we want to keep using the same version that is currently been used, for most cases is `Version.v0`. when te flag is set to `true`, we want to use the new version of the library, `Version.v2`. ## Current library version per app - falcon (`1.3.0`) using `v0` - loanapp (`1.0.0`) using `v0` - smart_cow (`1.1.0`) using `v0` - autofi - loanapp-api (`1.0.0`) using `v0` - autofi - penguin middleware (`1.3.0`) using `v0` - hippo (`1.0.0`) using `v0` - Scorpion (`1.3.0`) using `v1` - credit-app (`1.3.0`) using `v1` - Cobra (`1.0.0`) using `v0` ## Migration Steps 1. Figure out all cross app dependencies - create a list of each app and it's related dependencies of other apps. 2. Update encryption library in every app - update in every app the `@autofidev/encrypt` library to version `2.0.0` - add the environment variable `ENCRYPT_V2_MIGRATION` as described in the `Feature flag` section of this document. - set the enviroment variable as `false` by default. - to those apps that have dependencies of other apps, should have a coordinated enabling of the feature flag. - to those apps that doesn't have dependencies, can be migrated to their own pace and doesn't need coordination from other apps. 3. Create migration task on each team jira board with it corresponding app/repo. 4. Test apps - Test the apps and check everything is working properly - For those apps with dependencies we need to make a coordinated test to check everything is working properly cross apps. - we should do a full regresion test in staging 5. Turn `ON` feature flag on PROD - once everything has been tested and working properly, we need to coordinate changing the environment variable `ENCRYPT_V2_MIGRATION` to `true` for all the apps that share dependencies. - apps that don't share dependencies can turn `ON` the feature flag at anytime. - devops should help on changing the environment variable value at once of all the apps needed. - after feature flag is `ON` we should test everything is ok in prod - should we do this during a downtime? 6. Clean up - After we consider everything is stable with the new enctyption version `v2`, we get rid of the feature flag and use by default this new version. ## Rollback For rolling back in case of something fails, we should change to `false` the environment variable `ENCRYPT_V2_MIGRATION` for all the apps.