Decrypt Resource Secret

  • My goal: I want to decrypt credentials used by resources in order to migrate the resource to another environment.
  • Issue: I am running the decrypt script but it does not work as expected.
  • Retool version & hosting setup (Docker, K8s, cloud provider, etc.): I am using K8s manifest deployment on a GKE cluster with Retool version: 3.148.14.
  • Error message(s) or screenshots:
    This is the error that I am getting when trying to execute the decrypt script:
marcussantos@Marcuss-MacBook-Air ~ % kubectl exec -it retool-api -- node --no-warnings -e "let c = crypto.createDecipher('aes192', '$ENCRYPTION_KEY'); console.log(c.update('2ba39a9dee70e0b1679ce08026c0c9c5', 'hex', 'utf8') + c.final('utf8'))" 
node:internal/crypto/cipher:199
  const ret = this[kHandle].final();
                            ^

Error: error:1C800064:Provider routines::bad decrypt
    at Decipher.final (node:internal/crypto/cipher:199:29)
    at [eval]:1:122
    at runScriptInThisContext (node:internal/vm:143:10)
    at node:internal/process/execution:100:14
    at [eval]-wrapper:6:24
    at runScript (node:internal/process/execution:83:62)
    at evalScript (node:internal/process/execution:114:10)
    at node:internal/main/eval_string:30:3 {
  library: 'Provider routines',
  reason: 'bad decrypt',
  code: 'ERR_OSSL_BAD_DECRYPT'
}

Node.js v18.20.4
command terminated with exit code 1
marcussantos@Marcuss-MacBook-Air ~ % 
  • What I’ve tried so far: If I deploy a new GKE cluster using K8s manifest with the exact same version, it's working fine. I am following the same process to set the encryption_key, pull the value when running the decrypt, etc... Everything works fine on a fresh environment.

Note: the Retool deployment with the issue was deployed a long time ago (2022). I don't know if it can be related.
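Added example (not part of the original post and not Retool's code): what `crypto.createDecipher('aes192', passphrase)` in the one-liner does internally, re-implemented with `createDecipheriv` so the `bad decrypt` condition can be reproduced offline. The passphrases, the sample secret and the function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// createCipher/createDecipher turn the passphrase into key + IV with OpenSSL's
// EVP_BytesToKey: MD5, one iteration, no salt. D_i = MD5(D_{i-1} || passphrase).
function evpBytesToKey(passphrase, keyLen, ivLen) {
  const pass = Buffer.from(passphrase, 'utf8');
  let derived = Buffer.alloc(0);
  let block = Buffer.alloc(0);
  while (derived.length < keyLen + ivLen) {
    block = crypto.createHash('md5').update(block).update(pass).digest();
    derived = Buffer.concat([derived, block]);
  }
  return { key: derived.subarray(0, keyLen), iv: derived.subarray(keyLen, keyLen + ivLen) };
}

// 'aes192' is OpenSSL's alias for aes-192-cbc: 24-byte key, 16-byte IV.
function encryptHex(plaintext, passphrase) {
  const { key, iv } = evpBytesToKey(passphrase, 24, 16);
  const c = crypto.createCipheriv('aes-192-cbc', key, iv);
  return c.update(plaintext, 'utf8', 'hex') + c.final('hex');
}

// final() verifies the PKCS#7 padding of the last block. A key/IV that differs
// from the one used to encrypt (or altered ciphertext) fails that check, and
// OpenSSL reports it as "bad decrypt".
function tryDecryptHex(hex, passphrase) {
  const { key, iv } = evpBytesToKey(passphrase, 24, 16);
  const d = crypto.createDecipheriv('aes-192-cbc', key, iv);
  try {
    return { ok: true, value: d.update(hex, 'hex', 'utf8') + d.final('utf8') };
  } catch (err) {
    return { ok: false, code: err.code, reason: err.reason };
  }
}

// Constructed sample values, not taken from any real deployment.
const SAMPLE_SECRET = 'db-password';
const STORED_KEY = 'constructed-key-used-at-encryption';
const OTHER_KEY = 'constructed-key-from-elsewhere';

function demo() {
  const stored = encryptHex(SAMPLE_SECRET, STORED_KEY); // 32 hex chars, one block
  return {
    stored,
    sameKey: tryDecryptHex(stored, STORED_KEY),
    otherKey: tryDecryptHex(stored, OTHER_KEY),
    // '' is what '$ENCRYPTION_KEY' inside double quotes becomes when the variable
    // is unset in the shell that launches kubectl (it is expanded there, not in the pod).
    emptyKey: tryDecryptHex(stored, ''),
  };
}
console.log(demo());
```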