Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-17490

access.creds and service_id are being written with encrypted value to the filesystem


    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.7.0
    • Component/s: Encryption
    • Labels:


      "access.creds" and "service_id" are being written with encrypted value to the filesystem. There is a scenario where these files are written as encrypted to the filesystem if the "communication.key" file was missing temporarily on the Artifactory node. Below are the steps to reproduce:

      1. move the communication.key to a temp location on the member node.

      2. "touch" the service_id file on the primary node which will update the timestamp of this file in the database as well.

      3. Since the timestamp for service_id file in the database is newer than the one on the member node. We copy the service_id from DB to filesystem on the member node. Since the "communication.key" is missing, the content is copied as encrypted to filesystem. Even if we move the communication.key back to the member node, the service_id will remain encrypted and when the node is restarted it will fail.

      When copying the newer service_id from the database to filesystem on the member node we should check to see if the "communication.key" is present. If it is missing, then we should throw an error (failed to decrypt in the logs) and fail the copy. As of now we just copy the encrypted content from db to filesystem.




            • Assignee:
              shayb Shay Bagants
              nihalc@jfrog.com Nihal Reddy Chinna Choudhary
              Assigned QA:
              Liza Dashevski (Inactive)
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: