보안 강화: DB 자격증명(AppKey, Secret) 및 세션토큰(Access Token) 암호화 저장 구현 (AES-GCM/CBC), .env 정리

backend/app/services/kis_client.py

@@ -5,6 +5,7 @@ from app.core.rate_limiter import global_rate_limiter
 from app.db.database import SessionLocal
 from app.db.models import ApiSettings 
 from sqlalchemy import select
+from app.core.crypto import decrypt_str
 
 class KisClient:
     """
@@ -51,8 +52,8 @@ class KisClient:
         headers = {
             "Content-Type": "application/json",
             "authorization": f"Bearer {token}",
-            "appkey": settings.appKey,
-            "appsecret": settings.appSecret,
+            "appkey": decrypt_str(settings.appKey),
+            "appsecret": decrypt_str(settings.appSecret),
             "tr_id": tr_id,
             "tr_cont": "",
             "custtype": "P"
@@ -106,7 +107,7 @@ class KisClient:
     # -----------------------------
     async def get_balance(self, market: str) -> Dict:
         settings = await self._get_settings()
-        acc_no = settings.accountNumber
+        acc_no = decrypt_str(settings.accountNumber)
         # acc_no is 8 digits. Split? "500xxx-01" -> 500xxx, 01
         if '-' in acc_no:
             cano, prdt = acc_no.split('-')
@@ -156,11 +157,13 @@ class KisClient:
         price: 0 for Market? KIS logic varies.
         """
         settings = await self._get_settings()
-        if '-' in settings.accountNumber:
-            cano, prdt = settings.accountNumber.split('-')
+        acc_no_str = decrypt_str(settings.accountNumber)
+        
+        if '-' in acc_no_str:
+            cano, prdt = acc_no_str.split('-')
         else:
-            cano = settings.accountNumber[:8]
-            prdt = settings.accountNumber[8:]
+            cano = acc_no_str[:8]
+            prdt = acc_no_str[8:]
 
         if market == "Domestic":
             # TR_ID: TTT 0802U (Buy), 0801U (Sell) -> using sample 0012U/0011U