Artifactory Binary Repository / RTFACT-10587

Issue with API Key encryption in version 4.8.1 after upgrade/migration

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 4.8.1
    • Fix Version/s: 4.9.0
    • Component/s: API Key, Import/export
    • Labels:
      None

      Description

      If customers follow the below upgrade/migrate procedure to go to version 4.8.1, then the API keys would remain unencrypted after the migration is completed and authentication using the API key will fail with the below error.

      {
        "errors" : [
          { "status" : 403, "message" : "Bad props auth token: apiKey=AKCp2UPB1BAVBePkXGVKthv2u544F1cgQMknPwZynuxc8C5Y3nGFaDEe18Pb19idgrjcKKoh2" }
        ]
      }

      Steps To Reproduce/Upgrade:

      1. Fresh install of 4.8.1 and have the password encryption policy set to "Encrypted" under [Artifactory UI] → [Admin] → [Security] → [General] → [Scroll to the bottom "Passwords Encryption" section]

      2. Take a full system export from a version older than 4.8.1. Before taking the export, please make sure that the password encryption policy is set to "Encrypted" under [Artifactory UI] → [Admin] → [Security] → [General] → [Scroll to the bottom "Passwords Encryption" section]. Also remember to create a few users in this version and also generate the API keys for these users

      3. Perform a full system import in version 4.8.1. Wait for the import to be completed.

      4. Once the import is complete try running the below REST API using API key of a user for authentication and you will notice that it fails with the "Bad Props auth token". This happens due to API keys in database being unencrypted after the import.

      curl -X GET "http://localhost:8081/artifactory/api/system" -H "X-JFrog-Art-Api:AKCp2UPB1BAVBePkXGVKthv2u544F1cgQMknPwZynuxc8C5Y3nGFaDEe18Pb19idgrjcKKoh2"

      5. In order to recover from this state, we followed your suggestion to "Decrypt" and then, Encrypt the passwords from [Artifactory UI] → [Admin] → [Security] → [General] → [Scroll to the bottom "Passwords Encryption" section].

      If a customer is upgrading to version 4.8.1 using the standalone upgrade procedure or the RPM upgrade procedure, then they will not see this issue.

      Since many of our customers follow the above procedure to upgrade, we need to fix this issue in the code so that the API keys are encrypted during the migration to 4.8.1 and above.
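
      A post-import check for the failure described above, as an added example that is not part of the original issue or JFrog's code: it classifies the response to the API-key request from step 4 and masks the key that the error message echoes back before the text is logged. The function names, verdict strings and the sample response (with a placeholder key) are constructed for illustration.

```python
import json
import re

# Failure signature quoted in this issue: status 403, message starting with this text.
FAILURE_PREFIX = "Bad props auth token"
# The error message echoes the submitted key, so mask it before logging.
_KEY_RE = re.compile(r"(apiKey=)(\S+)")

# Constructed sample response; the key is a placeholder, not a real credential.
SAMPLE_BODY = json.dumps({"errors": [
    {"status": 403, "message": "Bad props auth token: apiKey=AKCpEXAMPLEKEY0000"}
]})


def redact(message):
    """Mask an echoed API key, keeping only its first four characters."""
    return _KEY_RE.sub(lambda m: m.group(1) + m.group(2)[:4] + "***", message)


def check_import_response(status_code, body):
    """Classify the response to GET /artifactory/api/system sent with an API key.

    Returns (verdict, detail); verdict is 'ok', 'api-key-rejected' or 'other-failure'.
    """
    if status_code == 200:
        return "ok", ""
    try:
        parsed = json.loads(body)
    except ValueError:
        return "other-failure", "unparseable body"
    errors = parsed.get("errors", []) if isinstance(parsed, dict) else []
    errors = [e for e in errors if isinstance(e, dict)] if isinstance(errors, list) else []
    messages = [str(e.get("message", "")) for e in errors]
    for err, msg in zip(errors, messages):
        if err.get("status") == 403 and msg.startswith(FAILURE_PREFIX):
            return "api-key-rejected", redact(msg)
    return "other-failure", redact("; ".join(messages))


if __name__ == "__main__":
    print(check_import_response(403, SAMPLE_BODY))
```

      Run it against one imported user's key after a full system import; an 'api-key-rejected' verdict matches the state this issue describes.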

              People

              • Assignee: shayy Shay Yaakov (Inactive)
              • Reporter: nihalc@jfrog.com Nihal Reddy Chinna Choudhary
              • Assigned QA: Mor Iluz (Inactive)
              • Votes: 0
              • Watchers: 1