Enhanced Password Protection - Troubleshooting

This page describes how to verify that the feature is enabled and covers possible configuration issues and their solutions.

Verify that the enhanced password protection feature is enabled

If enhanced password protection is set up correctly, management-service.log contains the following line (with the correct path to the key file):

INFO SecretVaultFactory - Initializing a new factory, encryption is enabled, path to key is set to C:/SafeQ6/data-protection/management-key.txt.

Component (Management, LDAP, or DB-validator) Does Not Start

For each component, the log files are located in: <safeq_folder>\Management\logs

Component      Log file
Management     management-service.log
LDAP           replicator.log
DB-validator   db-validator.log
IMS            \ims\infrastructure-service.log


Check the log and analyze all error messages. The following problems might occur:

Wrong path to key for data protection

You can see in the log file:

Caused by: com.ysoft.security.dataprotection.DataProtectionRuntimeException: File 'C:\SafeQ6\data-protection\wrong-key.txt' does not exist.

How to fix it:

Set the correct path to the key in the configuration file for the given component. For example, in safeq.properties:

dataProtection.pathToKey = C:/SafeQ6/data-protection/management-key.txt

Do the same for the other configuration files.

Passwords are encrypted, but pathToKey is not set

You can see in the log file:

Caused by: com.ysoft.security.dataprotection.CannotDecryptSecretRuntimeException: Secret 'database.cluster.management.password' cannot be decrypted: Secret is encrypted but encryption/decryption is disabled.

In the configuration file, for example safeq.properties, you can see:

database.global.management.password = ENCSTR:atI1EphGThRwJBIgdhGqAwCCO2SNvhTiwZt3qIGOljqw9r6iacMbGJT6fBtE7bnv
dataProtection.pathToKey =

How to fix it:

Set the correct path to the key in safeq.properties:

dataProtection.pathToKey = C:/SafeQ6/data-protection/management-key.txt

Do the same for the other configuration files.

Passwords are encrypted, but a wrong password, secret name, or key is set

You can see in the log file:

Caused by: com.ysoft.security.dataprotection.CannotDecryptSecretRuntimeException: Secret 'databaseWarehouse.global.management.password' cannot be decrypted: Failing fast - loading secret that is not authentic.

How to fix it:

Set the correct password:

database.global.management.password = ENCSTR:atI1EphGThRwJBIgdhGqAwCCO2SNvhTiwZt3qIGOljqw9r6iacMbGJT6fBtE7bnv

Make sure the password was encrypted using the correct name.

Set the correct path to the key in safeq.properties:

dataProtection.pathToKey = C:/SafeQ6/data-protection/management-key.txt

Make sure the encrypted password was rewritten (copied) correctly.

Do the same for the other configuration files.
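
The following script is an added example, not part of the product or its documentation. It scans a component log for the startup line and the three error messages quoted on this page and reports the affected file or secret name. The function name, finding labels, and fix summaries are this example's own; the sample log is constructed from the messages above.

```python
import re

# Signatures copied from the log lines quoted on this page; the finding labels
# and the fix summaries are this example's own wording.
ENABLED = re.compile(r"SecretVaultFactory - Initializing a new factory, "
                     r"encryption is enabled, path to key is set to (?P<path>.+?)\.?\s*$")
PROBLEMS = [
    ("wrong-key-path",
     re.compile(r"DataProtectionRuntimeException: File '(?P<detail>[^']+)' does not exist"),
     "point dataProtection.pathToKey at the existing key file"),
    ("key-path-not-set",
     re.compile(r"CannotDecryptSecretRuntimeException: Secret '(?P<detail>[^']+)' cannot be "
                r"decrypted: Secret is encrypted but encryption/decryption is disabled"),
     "set dataProtection.pathToKey in this component's configuration file"),
    ("secret-not-authentic",
     re.compile(r"CannotDecryptSecretRuntimeException: Secret '(?P<detail>[^']+)' cannot be "
                r"decrypted: Failing fast - loading secret that is not authentic"),
     "check the encrypted value, the secret name used for encryption, and the key path"),
]

def triage(log_text):
    """Return (key_path_or_None, findings); findings are (label, detail, fix) tuples."""
    key_path, findings = None, []
    for line in log_text.splitlines():
        m = ENABLED.search(line)
        if m:
            key_path = m.group("path")
            continue
        for label, pattern, fix in PROBLEMS:
            m = pattern.search(line)
            if m:
                finding = (label, m.group("detail"), fix)
                if finding not in findings:  # stack traces repeat the cause
                    findings.append(finding)
    return key_path, findings

# Constructed sample built from the messages quoted on this page.
SAMPLE = """\
INFO SecretVaultFactory - Initializing a new factory, encryption is enabled, path to key is set to C:/SafeQ6/data-protection/management-key.txt.
Caused by: com.ysoft.security.dataprotection.DataProtectionRuntimeException: File 'C:\\SafeQ6\\data-protection\\wrong-key.txt' does not exist.
Caused by: com.ysoft.security.dataprotection.CannotDecryptSecretRuntimeException: Secret 'database.cluster.management.password' cannot be decrypted: Secret is encrypted but encryption/decryption is disabled.
Caused by: com.ysoft.security.dataprotection.CannotDecryptSecretRuntimeException: Secret 'databaseWarehouse.global.management.password' cannot be decrypted: Failing fast - loading secret that is not authentic.
"""

if __name__ == "__main__":
    path, found = triage(SAMPLE)
    print("key file:", path or "encryption not reported as enabled")
    for label, detail, fix in found:
        print(f"{label}: {detail} -> {fix}")
```

To use it on a real installation, pass the contents of the component's log file (see the table above) to triage() instead of SAMPLE.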