[NXP-30845] nuxeo.aws.accessKeyId and nuxeo.aws.secretKey not decrypted correctly - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2021.14
Fix Version/s: 2021.17
Component/s: nuxeoctl start/stop/admin

Release Notes Summary:
nuxeo.aws.accessKeyId and nuxeo.aws.secretKey are correctly decrypted.
Tags:
Sprint:
nxplatform #55
Story Points:
2

Description

Possibly since NXP-28880, nuxeo.aws.accessKeyId and nuxeo.aws.secretKey seem to not be decrypted and injected correctly in the application.

nuxeoctl config nuxeo.aws.accessKeyId --encrypt -q
nuxeoctl config nuxeo.aws.secretKey  --encrypt -q

2022-01-25T09:43:58,226 DEBUG [http-nio-0.0.0.0-8080-exec-3] [org.nuxeo.ecm.blob.s3.S3BlobStoreConfiguration] Failed to get ObjectLockConfiguration for bucket: nuxeo_obj
com.amazonaws.services.s3.model.AmazonS3Exception: null (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID: tx000000000000032c95a06-0061efc65e-67f1c-default; S3 Extended Request ID: 67f1c-default-default; Proxy: 10.130.100.11)

Encrypting nuxeo.s3storage.awsid, nuxeo.s3storage.awssecret or the mongodb password works fine.

The freemarker template containing nuxeo.aws.accessKeyId and nuxeo.aws.secretKey is more complex so this may be something to investigate.

Customers reports that it used to work fine prior to 2021.14

Attachments

Activity

People

Assignee:

Kevin Leturc

Reporter:

Michaël Vachette

Participants:

Jenkins, Kevin Leturc, Michaël Vachette

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2022-01-26 09:12

Updated:

2022-03-14 15:04

Resolved:

2022-02-18 09:56