[BE] Encrypted Storage for Webhook Secrets

[emdevelopa]

Context

Webhook secrets are currently stored in plain text. If the DB is leaked, all merchant secrets are exposed.

What 'Done' Looks Like

• Use crypto with an app-level encryption key.
• Secrets are encrypted before insert and decrypted on retrieval for verification.

Complexity

Medium (150 points)

[WISDOM-WOKE22]

@WISDOM-WOKE22 has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

working on this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @WISDOM-WOKE22 to this issue.

[drips-wave]

Congratulations, @WISDOM-WOKE22! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @WISDOM-WOKE22: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊