BryanMLima commented on PR #6812: URL: https://github.com/apache/cloudstack/pull/6812#issuecomment-1478326817
> > > @BryanMLima last time the error happened with fresh installation. let's wait trillian to build a testing environment. > > > please also take the database migration into consideration. https://cwiki.apache.org/confluence/display/CLOUDSTACK/New+database+encryption+cipher+-+AeadBase64Encryptor#NewdatabaseencryptioncipherAeadBase64Encryptor-5.cloudstack-migrate-databaseschanges With this PR, only the encrypted values in domain_details/account_details need to be decrypted with old db key and then re-encrypted with new db key in database migration. > > > > > > @weizhouapache I do not understand why they would need to be re-encrypted as the goal of this PR is to keep these values decrypted. Reading the new database migration docs, if I understood correctly, I would need to decrypt using encryptor V2 and if that doesn't work, use the V1 encryptor. > > @BryanMLima With this pr, most account/domain details will not be decrypted. However, there might be some details (secure/hidden configuration) are still encrypted. The database migration process needs to be modified for these encrypted values. @weizhouapache I understand, however, the goal of this PR is to decrypt the values that are not in the `Secure/Hidden` category in the migration process, as they are wrongly encrypted. I do not see how decrypting and re-encrypting the value in the `Secure/Hidden` category has any relation to this PR goal, as they are not the problem to be solved. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
