Enhanced Password Protection - Troubleshooting
This pages describes how to verify that the feature is enabled and addresses possible configuration issues and solutions.
Verify that enhanced password protection feature is enabled
If enhanced password protection is setup correctly, you should find a following line in management-service.log (with a correct path to the key file):
INFO SecretVaultFactory - Initializing a new factory, encryption is enabled, path to key is set to C:/SafeQ6/data-protection/management-key.txt.Component (Management, LDAP, or DB-validator) Does Not Start
For each component you can find logs file in: <safeq_folder>\Management\logs
Component | Log file |
Management | management-service.log |
LDAP | replicator.log |
DB-validator | db-validator.log |
IMS | \ims\infrastructure-service.log |
Check the log and analyze all error messages. There might be following problems:
Wrong path to key for data protection
You can see in the log file:
Caused by: com.ysoft.security.dataprotection.DataProtectionRuntimeException: File 'C:\SafeQ6\data-protection\wrong-key.txt' does not exist.How to fix it:
Set the correct path to key in configuration file for given component. For example in safeq.properties:
dataProtection.pathToKey = C:/SafeQ6/data-protection/management-key.txtDo it analogically for other configuration files.
Passwords are encrypted, but pathToKey is not set
You can see in the log file:
Caused by: com.ysoft.security.dataprotection.CannotDecryptSecretRuntimeException: Secret 'database.cluster.management.password' cannot be decrypted: Secret is encrypted but encryption/decryption is disabled.You can see e.g. in configuration file safeq.properties:
database.global.management.password = ENCSTR:atI1EphGThRwJBIgdhGqAwCCO2SNvhTiwZt3qIGOljqw9r6iacMbGJT6fBtE7bnvdataProtection.pathToKey =How to fix it:
Set the correct path to key in safeq.properties.
dataProtection.pathToKey = C:/SafeQ6/data-protection/management-key.txtDo it analogically for other configuration files.
Passwords are encrypted, but wrong password, secret name or key is set
You can see in the log file:
Caused by: com.ysoft.security.dataprotection.CannotDecryptSecretRuntimeException: Secret 'databaseWarehouse.global.management.password' cannot be decrypted: Failing fast - loading secret that is not authentic.How to fix it:
Set the correct password:
database.global.management.password = ENCSTR:atI1EphGThRwJBIgdhGqAwCCO2SNvhTiwZt3qIGOljqw9r6iacMbGJT6fBtE7bnvMake sure the password was encrypted using the correct name.
Set the correct path to key in safeq.properties:
dataProtection.pathToKey = C:/SafeQ6/data-protection/management-key.txtMake sure the encrypted password was rewritten (copied) correctly.
Do it analogically for other configuration files.