Credential Vault Service - Meander - Peer Mentor Platform

Service Layer high complexity backend

Dependencies

Dependents

Entities

Integrations

Description

Service responsible for encrypting, storing, and retrieving per-organization connection credentials (OAuth 2.0 client secrets or API keys) for external portal connections. Credentials are encrypted at rest using envelope encryption and are never returned to the client layer - only resolved internally at sync time.

Feature: External Portal Integration

credential-vault-service

Responsibilities

Encrypt credentials using envelope encryption before persisting to the database
Resolve and decrypt credentials at sync time for use by the External Portal Connector
Enforce write-only semantics on the API surface - credentials cannot be read back after saving
Support credential rotation without downtime by allowing staged replacement

Interfaces

storeCredentials(orgId: string, credentials: RawCredentials): void

resolveCredentials(orgId: string): DecryptedCredentials

rotateCredentials(orgId: string, newCredentials: RawCredentials): void

deleteCredentials(orgId: string): void

Relationships

Dependencies (1)

Components this component depends on

data Portal Integration Configurations Table

Dependents (1)

Components that depend on this component

service External Portal Connector