1. Digital.ai Support
  2. DevOps
  3. Digital.ai Release & Deploy

Issue: Unable to start Deploy [Cannot decrypt: key=deploy.plugins.servers[0].credentials.password]

Avatar
Pranav Prakash

Issue

Unable to start Deploy [Cannot decrypt: key=deploy.plugins.servers[0].credentials.password]

Environment

Noticed in Deploy 10.x

Symptom

2021-09-21 11:11:18.785 [main] {} WARN o.s.b.l.logback.LogbackLoggingSystem - Ignoring 'logback.
   configurationFile' system property. Please use 'logging.config' instead.
2021-09-21 11:11:19.057 [main] {} WARN o.s.c.b.e.EnvironmentDecryptApplicationInitializer - Cannot
    decrypt: key=deploy.plugins.servers[0].credentials.password
2021-09-21 11:11:19.090 [main] {} ERROR o.s.boot.SpringApplication - Application run failed
java.lang.IllegalStateException: Cannot decrypt: key=deploy.plugins.servers[0].credentials.password

Cause

Possibly, you have copied <DEPLOY_HOME>/conf/deployit.conf and replaced the original one. So, the encryption key xl.spring.cloud.encrypt.key that is used to create a hash is changed.

Solution

If you have the old key backed up, replace the generated key with the old key in plaintext. After updating the key, restart the application to ensure proper decryption.

Workaround

If you don't have the old key backed up, remove all the encrypted fields [containing '{cipher}' and '{aes}'] from the <DEPLOY_HOME>/centralConfiguration and <DEPLOY_HOME>/conf/deployit.conf, and update them with plaintext.

Additional Details

During the upgrade process, it's crucial to ensure that password configurations are updated consistently across all relevant files. Even if passwords have been updated in plaintext for the deployit.conf file, it's necessary to redo this process simultaneously with updating other files to maintain uniformity and avoid potential conflicts.

Additional files that may require password updates include:

  • centralConfiguration/deploy-artifact-resolver.yaml
  • centralConfiguration/deploy-cluster.yaml
  • centralConfiguration/deploy-plugins.yaml
  • centralConfiguration/deploy-server.yaml
  • centralConfiguration/deploy-task.yaml
  • centralConfiguration/deploy-repository.yaml

By ensuring that all necessary files and parameters are updated with plaintext passwords simultaneously, you'll mitigate potential decryption issues and facilitate a smoother operation of the application.

The passwords will be re-encrypted once the Deploy service starts.

 

Was this article helpful?
1 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more