Issue: Unable to start Deploy [Cannot decrypt: key=deploy.plugins.servers[0].credentials.password]


Unable to start Deploy [Cannot decrypt: key=deploy.plugins.servers[0].credentials.password]


Noticed in Deploy 10.x


2021-09-21 11:11:18.785 [main] {} WARN o.s.b.l.logback.LogbackLoggingSystem - Ignoring 'logback.
configurationFile' system property. Please use 'logging.config' instead.
2021-09-21 11:11:19.057 [main] {} WARN o.s.c.b.e.EnvironmentDecryptApplicationInitializer - Cannot
decrypt: key=deploy.plugins.servers[0].credentials.password
2021-09-21 11:11:19.090 [main] {} ERROR o.s.boot.SpringApplication - Application run failed
java.lang.IllegalStateException: Cannot decrypt: key=deploy.plugins.servers[0].credentials.password


Possibly, you have copied <DEPLOY_HOME>/conf/deployit.conf and replaced the original one. So, the encryption key that is used to create a hash is changed.


If you have the old key backed up, replace the generated key with the old key in plaintext. After updating the key, restart the application to ensure proper decryption.


If you don't have the old key backed up, remove all the encrypted fields [containing '{cipher}' and '{aes}'] from the <DEPLOY_HOME>/centralConfiguration and <DEPLOY_HOME>/conf/deployit.conf, and update them with plaintext.

Additional Details

During the upgrade process, it's crucial to ensure that password configurations are updated consistently across all relevant files. Even if passwords have been updated in plaintext for the deployit.conf file, it's necessary to redo this process simultaneously with updating other files to maintain uniformity and avoid potential conflicts.

Additional files that may require password updates include:

  • centralConfiguration/deploy-artifact-resolver.yaml
  • centralConfiguration/deploy-cluster.yaml
  • centralConfiguration/deploy-plugins.yaml
  • centralConfiguration/deploy-server.yaml
  • centralConfiguration/deploy-task.yaml
  • centralConfiguration/deploy-repository.yaml

By ensuring that all necessary files and parameters are updated with plaintext passwords simultaneously, you'll mitigate potential decryption issues and facilitate a smoother operation of the application.

The passwords will be re-encrypted once the Deploy service starts.


Was this article helpful?
1 out of 1 found this helpful



Please sign in to leave a comment.