When I do a simple expression like `wso2:vault-lookup('my-token')`
it returns empty. But I have the `my-token` present in the vault.
Has anyone encountered this problem before? Any possible workaround that you can suggest?
EI version 6.2.0
-
Is this a clustered environment? Did you check from the management console if the "my-token" is available in the secure vault – Shanaka Dilan Premarathna Nov 04 '20 at 16:17
-
no it is not clustered, and yes `my-token` is available in the secure vault, also in the registry level secure vault. – Rooster Nov 04 '20 at 16:29
-
Can you try to add a new entry in the secure vault and check if it is the same behavior for the new entry as well? – Shanaka Dilan Premarathna Nov 06 '20 at 10:49
-
@ShanakaPremarathna yes I have tried that, but it's still the same. I can get the encrypted key, but when I'm doing the `vault-lookup` it does not return anything. – Rooster Nov 07 '20 at 04:13
-
I have tested a similar flow with an EI 6.2.0 version and observed that this is working without any issues. I have used a log mediator to print the password value and it was printing as expected.
-
Could you confirm that you have run the following command before using the secure vault (`./bin/ciphertool.sh -Dconfigure`)? https://docs.wso2.com/display/EI611/Working+with+Passwords+in+the+ESB+profile – Shanaka Dilan Premarathna Nov 07 '20 at 08:06
-
@ShanakaPremarathna again sorry for the late response, yes I have run all the configurations necessary, also I have tried it on a vanilla version on basic settings, it works. But my suspicion is on the Keystore. `wso2:vault-lookup('my-token')` doesn't return anything, however if I get the encrypted value, I can get it without any issue, but not the decrypted value (`'vault-lookup'`) – Rooster Nov 07 '20 at 17:32
2 Answers
Can you try the following approach?
Run `ciphertool.sh` with the following command.
`bin/ciphertool.sh -Dorg.wso2.CipherTransformation=RSA/ECB/OAEPwithSHA1andMGF1Padding`
Enter the plain text value which you need to encrypt and copy the encrypted value.
Navigate to the carbon console and expand the registry browse section.
Go to the following path.
`/_system/config/repository/components/secure-vault`
Above is the location where the registry holds the secure vault properties and the values.
Inside the secure vault, create a new property with a name and paste the encrypted value which you acquired from the initial step.
Try to get the property from the mediation sequence.
`wso2:vault-lookup('prop-name')`

Since you have confirmed that this is working as expected in the vanilla version of the EI server, can you compare the configurations available in the `secret-conf.properties` file located in the `[EI_HOME]/conf/security` directory of the existing server and the vanilla pack (that is working)?

-
Yep, I checked, both are identical (except for necessary path changes) – Rooster Nov 11 '20 at 17:34
-
yes, it's WUM updated, same WUM update on a different node, but in there everything works fine. – Rooster Nov 13 '20 at 15:34
-
Did you use the default Keystore or is it a different keystore? – Shanaka Dilan Premarathna Nov 13 '20 at 15:45
-
different keystore. EDIT: both environments use the same configs (apart from necessary changes), only 1 environment doesn't work. Same configs. Hard to pinpoint where the issue is. – Rooster Nov 13 '20 at 17:20
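
Added example (not part of the original thread and not WSO2 code): the comparison suggested in the second answer, as a Python script that diffs two `secret-conf.properties` files after replacing each server's install root with `[EI_HOME]`, so that only differences other than the expected path changes are reported. The sample file contents, install paths and property values are constructed for illustration.

```python
def parse_properties(text):
    """Parse simple key=value .properties text into a dict.

    Leading whitespace of a value is dropped but trailing whitespace is
    kept, as Java's Properties loader does, so a stray trailing space
    shows up as a difference instead of being hidden.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.lstrip()
    return props

def normalise(value, home):
    """Replace the server's install root with a placeholder."""
    return value.replace(home.rstrip("/"), "[EI_HOME]")

def compare(text_a, home_a, text_b, home_b):
    """Return {key: (value_a, value_b)} for keys that still differ after
    path normalisation; a key missing from one file is reported as None."""
    a = {k: normalise(v, home_a) for k, v in parse_properties(text_a).items()}
    b = {k: normalise(v, home_b) for k, v in parse_properties(text_b).items()}
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

# Constructed sample: the vanilla pack that works.
VANILLA = "\n".join([
    "# constructed sample, not a real server's file",
    "keystore.identity.location=/opt/ei-vanilla/repository/resources/security/wso2carbon.jks",
    "keystore.identity.type=JKS",
    "keystore.identity.alias=wso2carbon",
    "secretRepositories.file.location=/opt/ei-vanilla/conf/security/cipher-text.properties",
])
# Constructed sample: the existing server, with a trailing space after the
# alias and one key missing, both easy to overlook when comparing by eye.
EXISTING = "\n".join([
    "keystore.identity.location=/srv/ei/repository/resources/security/wso2carbon.jks",
    "keystore.identity.alias=wso2carbon ",
    "secretRepositories.file.location=/srv/ei/conf/security/cipher-text.properties",
])

if __name__ == "__main__":
    diff = compare(VANILLA, "/opt/ei-vanilla", EXISTING, "/srv/ei")
    for key, (vanilla, existing) in diff.items():
        print(f"{key}: vanilla={vanilla!r} existing={existing!r}")
```

The values are printed with `repr` so that whitespace-only differences are visible in the output.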