Tuesday, 4 August 2015

Are there any recommended solutions for private key management in AWS?

I'm setting up PayPal integration with my Rails website and am currently using PayPal's stored button solution. That works just fine for the two subscription levels I currently have in place, but in anticipation of negotiated rates for our larger customers, I need to have a more flexible solution that doesn't involve creating a new button for every rate we negotiate: I need a secure way to pass the payment amount to PayPal.

The way to do this seems to be to use PayPal's encrypted buttons, which use asymmetric key cryptography. This makes me shudder because, as I understand it, I then have to remember to regenerate a new public key every year. I then need to find a secure way to store my private key and make sure that any new instances that I spin up in my AWS ElasticBeanstalk environment will have that private key on hand (without checking it into source control, obviously).

I was thinking that AWS Key Management Service might be a promising solution for key management, but everything I've read thus far suggests that it would not solve the problem I'm facing.

Can anyone offer a best practice for how to manage private keys in AWS and how to make sure I don't get bitten by an expired certificate?
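As an added illustration (not code from the original post), here is the sign-then-encrypt flow an encrypted button relies on, alongside the certificate expiry check the post worries about, in Ruby. The self-signed identities, the stand-in for PayPal's certificate, the AES cipher choice and the `PAYPAL_MERCHANT_KEY` variable name are constructed assumptions, not PayPal's real parameters.

```ruby
require 'openssl'

# Constructed key pair plus self-signed certificate, used both for the
# merchant and as a stand-in for PayPal's cert so the round trip runs offline.
def make_identity(common_name, days_valid)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = OpenSSL::BN.rand(64)
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + days_valid * 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Days left before a certificate lapses (negative once expired). Run this on a
# schedule against both the merchant cert and PayPal's cert to catch renewals.
def days_until_expiry(cert, now = Time.now)
  ((cert.not_after - now) / 86_400).floor
end

# Build the opaque blob for an encrypted button: sign the button variables with
# the merchant key (PayPal can attribute the amount to us), then encrypt the
# signed message to PayPal's certificate (the shopper cannot read or alter it).
# The merchant key belongs outside the repo, e.g. an environment property:
# OpenSSL::PKey::RSA.new(ENV.fetch('PAYPAL_MERCHANT_KEY'))  (assumed name)
def encrypt_button(vars, merchant_key, merchant_cert, paypal_cert)
  payload = vars.map { |k, v| "#{k}=#{v}" }.join("\n")
  signed  = OpenSSL::PKCS7.sign(merchant_cert, merchant_key, payload, [],
                                OpenSSL::PKCS7::BINARY)
  OpenSSL::PKCS7.encrypt([paypal_cert], signed.to_der,
                         OpenSSL::Cipher.new('aes-256-cbc'),
                         OpenSSL::PKCS7::BINARY).to_pem
end

# Receiver side (what PayPal does with the blob): decrypt with its own key,
# verify the merchant signature against the uploaded certificate, and only
# then trust the variables. A tampered blob fails at one of the two steps.
def decrypt_button(pem, paypal_key, paypal_cert, merchant_cert)
  plain  = OpenSSL::PKCS7.new(pem).decrypt(paypal_key, paypal_cert)
  signed = OpenSSL::PKCS7.new(plain)
  store  = OpenSSL::X509::Store.new
  store.add_cert(merchant_cert)
  unless signed.verify([merchant_cert], store, nil, OpenSSL::PKCS7::BINARY)
    raise 'merchant signature did not verify'
  end
  signed.data.split("\n").map { |line| line.split('=', 2) }.to_h
end
```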
