What is the recommended approach to send emails that contain sensitive information through Oban jobs? For example, sending an OTP which is stored in the DB in hashed format and shouldn’t be stored in plain text? The job's perform function cannot query this data from the DB as it’s already hashed, and if the OTP is present in the serialised job data, it will persist in the DB as plain text, which in this case is not desired.
Is it possible to generate, send and store hashed OTP inside the job?
I would like the job to send the OTP. So storing the hashed OTP in the job wouldn’t work, as the email needs to have the plain text data. One option is to use Phoenix token to encrypt the data and store it in the job, but I’m wondering if there is any other option?
Generate the OTP as part of the job, not when creating the job.
This way the job has control over the clear and hashed version of the OTP.
You probably do not need the OTP before it has been sent to the other party anyway.
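The approach suggested above, written as an Oban worker. This is an added example, not code from the thread or from the Oban project; `MyApp.Accounts`, `MyApp.Mailer`, the `:otp_hmac_key` setting and the HMAC-based hash scheme are assumptions.

```elixir
defmodule MyApp.Workers.SendOtpEmail do
  # Added example. MyApp.Accounts, MyApp.Mailer and the :otp_hmac_key setting
  # are hypothetical; Oban.Worker, :crypto and the standard library are real.
  # Enqueue with: %{user_id: user.id} |> MyApp.Workers.SendOtpEmail.new() |> Oban.insert()
  use Oban.Worker, queue: :mailers, max_attempts: 3

  @otp_digits 6
  @otp_range 1_000_000
  @u32_range 4_294_967_296

  # The args hold only the user id, so no secret is serialized into oban_jobs.
  @impl Oban.Worker
  def perform(%Oban.Job{args: %{"user_id" => user_id}}) do
    otp = generate_otp()

    # Store the hash first, then send the clear value. A retry after a failed
    # send generates a fresh OTP and overwrites the previous hash.
    with {:ok, user} <- MyApp.Accounts.fetch_user(user_id),
         {:ok, _} <- MyApp.Accounts.put_otp_hash(user, hash_otp(otp)),
         {:ok, _} <- MyApp.Mailer.deliver_otp(user, otp) do
      :ok
    else
      # Oban records a returned error on the job row, so return a fixed atom
      # that cannot carry the OTP.
      _ -> {:error, :otp_delivery_failed}
    end
  end

  # Fixed-width numeric code from the CSPRNG; rejection sampling avoids the
  # modulo bias of reducing a 32-bit value directly.
  def generate_otp do
    <<n::unsigned-32>> = :crypto.strong_rand_bytes(4)
    limit = div(@u32_range, @otp_range) * @otp_range

    if n < limit do
      n |> rem(@otp_range) |> Integer.to_string() |> String.pad_leading(@otp_digits, "0")
    else
      generate_otp()
    end
  end

  # Assumed hash scheme: HMAC-SHA256 under a server-side key, because a bare
  # hash of a six-digit code can be reversed by trying all 10^6 values.
  def hash_otp(otp) do
    key = Application.fetch_env!(:my_app, :otp_hmac_key)
    :crypto.mac(:hmac, :sha256, key, otp) |> Base.encode16(case: :lower)
  end
end
```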
Thanks @NobbZ. This should definitely work and I would accept it as a solution. I will wait to see if any other option comes up before accepting it.
Please give ibarch the credit, as it is their suggestion but with more words.
Thanks once again. Just reread @ibarch's message. I feel for not reading his message properly. Indeed his reply already answered my question!
In a hurry, I read his message as “Is it possible to generate, send (outside of the job) and (then) store hashed OTP inside the job?” which didn’t make sense to me.
I’m sorry for not articulating my suggestion properly, which caused the confusion. I initially thought that it was fairly obvious to fully delegate OTP handling to the Oban job, and that there was a hard requirement for OTP codes to be generated by another system outside of your control. I also assumed you were specifically asking how to tackle this tricky scenario.
Anyway, I’m glad that we’ve collectively arrived at the solution that works for you.
This seems to be solved, but I’d like to note for future readers that there is an encrypted jobs option in Oban Pro for instances when sensitive data must be put in the database.