Issue
CloudBees CD (CloudBees Flow) uses AES 128 bits (in CD up to 9.0/9.1) or AES 256 bits (CD 9.2 and onwards) to encrypt the application secrets (such as credentials, passwords, DB password, etc). AES is a symmetric algorithm (it uses the same key for encrypting and decrypting), and the key used in CloudBees CD is contained in the /conf/passkey
file, so this file must be only accessible by authorized users.
During some processes, such as cloning a CD environment using a DB Dump, we need to make sure we use the same passkey in the environment than the one used in this DB.
Resolution
How do you know that is the current passkey in your CloudBees CD system?
In your CloudBees CD DB, in the table ec_configuration_history
, sort by last_use_date
, and from the most recent row, please confirm the passkey_fingreprint
column. This is the latest passkey used in this CD DB.
You can confirm the fingerprint from a passkey file by running in a Linux environment sha1sum ${INSTALL_PATH}/conf/passkey
. The value for both, DB and file fingerprint must match.