- Type: Bug
- Resolution: Fixed
- Priority: Medium
- Affects Version/s: Cloud Companion - 1.1.8
- Component/s: Cloud Admin - Portfolio Insights - Connectivity
- None
- Minor
- 1
Issue Summary
When you use AES encryption to encrypt the database password on your instance, the environment variable you create on your nodes, com_atlassian_db_config_password_ciphers_algorithm_javax_crypto_spec_SecretKeySpec, interferes with the creation of the encryption key for the connection secret key, causing the link to use the same SecretKey as the one used to encrypt the DB credentials.
As the connection rotates the key in certain circumstances, it can delete the key shared between DB password encryption and connection secret key encryption.
Steps to Reproduce
- Configure AES encryption for the database password for your Jira or Confluence instance by following the instructions at https://confluence.atlassian.com/adminjiraserver/aes-encryption-974378813.html including executing Step 4: (Optional) Storing file paths as environment variables.
- Connect your Data Center by following the instructions at https://support.atlassian.com/portfolio-insights/docs/connect-to-instances-from-your-portfolio/.
Expected Results
You can successfully finish connecting the instance, and the link to your Cloud organization is in the CONNECTED state.
Actual Results
Creating a link deletes the file whose path was stored in the com_atlassian_db_config_password_ciphers_algorithm_javax_crypto_spec_SecretKeySpec environment variable.
Your link to the organization remains in the INITIALIZED or INTERRUPTED state, and the following exception is logged:
java.io.FileNotFoundException: /home/jira/javax.crypto.spec.SecretKeySpec_1234567890 (No such file or directory)
    at com.atlassian.db.config.password.ciphers.algorithm.serialization.SerializationFile.read(SerializationFile.java:39)
    at com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher.getKeyOrGenerateNewAndGet(AlgorithmCipher.java:248)
    at com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher.encrypt(AlgorithmCipher.java:178)
    at com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher.encrypt(AlgorithmCipher.java:114)
    at com.atlassian.plugins.cloud.connect.service.linktoken.TokenCipher.encrypt(TokenCipher.java:39)
    at com.atlassian.plugins.cloud.connect.service.linktoken.EncryptingTokenDaoImpl.create ...
Workaround
Reverting the changes made in optional step 4 and relying on the solution provided in step 3 of https://confluence.atlassian.com/adminjiraserver/aes-encryption-974378813.html mitigates the problem.
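
A pre-flight check for the condition described in this issue, to run on a node before connecting it. This is an added example, not Atlassian's code: the function name check_key_exposure and the optional backup directory are hypothetical, and it assumes the shell has the same exported environment as the Jira or Confluence process.

```shell
#!/bin/sh
# Added example: detect whether this node is exposed to the key-file deletion
# described in this issue. Assumption: run with the same exported environment
# as the application process on the node.

KEY_VAR=com_atlassian_db_config_password_ciphers_algorithm_javax_crypto_spec_SecretKeySpec

# check_key_exposure [BACKUP_DIR]
# Prints one status word and returns:
#   0 "not-affected"  variable unset: the key path is not taken from the environment
#   1 "exposed"       variable set and key file present: creating a link may delete it
#   2 "key-missing"   variable set but file gone: matches the Actual Results above
#   3 (no output)     the backup copy could not be written
check_key_exposure() {
    backup_dir=${1:-}
    # Indirect lookup of the variable named in KEY_VAR (portable POSIX sh).
    eval "key_path=\${$KEY_VAR:-}"
    if [ -z "$key_path" ]; then
        echo "not-affected"; return 0
    fi
    if [ ! -f "$key_path" ]; then
        echo "key-missing"; return 2
    fi
    if [ -n "$backup_dir" ]; then
        # Copy the key into an owner-only directory so the DB password
        # stays decryptable if the original file is deleted.
        ( umask 077; mkdir -p "$backup_dir" && cp -p "$key_path" "$backup_dir/" ) || return 3
    fi
    echo "exposed"; return 1
}
```

A status of "exposed" means the workaround above should be applied before connecting; "key-missing" means the key file has to be restored from a backup first.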