ARTIFACTORY: How to Resolve the "Could Not Decrypt" Error When Decrypting the DB Password in system.yaml

ARTIFACTORY: How to Resolve the "Could Not Decrypt" Error When Decrypting the DB Password in system.yaml

AuthorFullName__c
Ino Choi
articleNumber
000006175
ft:sourceType
Salesforce
FirstPublishedDate
2024-09-05T10:43:55Z
lastModifiedDate
2024-10-14
VersionNumber
2

Introduction

 

After adding the database connection details to the system.yaml file:

shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory
    username: artifactory
    password: asdfEDv


The password field will be encrypted in the following format after Artifactory starts up:

 

shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory
    username: artifactory
    password: 25729e.aesgcm128.u77sFsQXrlus974TAN8IeUNyXRxILgXwalop9RXY9QjVOm8

 

This consists of:

  • Prefix (e.g. 25729e)
  • Encryption method (e.g. aesgcm128)
  • Base64-encoded data (e.g. u77sFsQXrlus974TAN8IeUNyXRxILgXwalop9RXY9QjVOm8)


Following the instructions in this KB article, you can decrypt this database password. However, in some cases, it may not simply decrypt the password and you may encounter the following error when running the decryption command:

jfrog support decrypt <encrypted-password> <master.key>


Example:

jfrog support decrypt 25729e.aesgcm128.u77sFsQXrlus974TAN8IeUNyXRxILgXwalop9RXY9QjVOm8 7ca3c86e52389a5a62fbb6ae01b5458c

[Error] could not decrypt
exit status 1

In this case, go through the steps below to resolve the problem.

Resolution

 

1. A Base64 encoded string must have a length that is a multiple of 4 characters. Let's consider the following Base64 data string as an example:
u77sFsQXrlus974TAN8IeUNyXRxILgXwalop9RXY9QjVOm8
2. To check the length of this string, you can run the following command:
echo -n 'u77sFsQXrlus974TAN8IeUNyXRxILgXwalop9RXY9QjVOm8' | wc -m
Output:
47
As seen, the string length is 47 characters, which is not a multiple of 4.

3. To resolve this issue, you can add padding characters (==), which are used to ensure the Base64 encoded string's length meets the specification requirement of being a multiple of 4 characters. Here's how you run the updated command:
jfrog support decrypt 25729e.aesgcm128.u77sFsQXrlus974TAN8IeUNyXRxILgXwalop9RXY9QjVOm8== 7ca3c86e52389a5a62fbb6ae01b5458c
The decrypted password will be:
asdfEDv