weizhouapache commented on PR #6812: URL: https://github.com/apache/cloudstack/pull/6812#issuecomment-1478295275
> > @BryanMLima last time the error happened with fresh installation. let's wait trillian to build a testing environment. > > please also take the database migration into consideration. https://cwiki.apache.org/confluence/display/CLOUDSTACK/New+database+encryption+cipher+-+AeadBase64Encryptor#NewdatabaseencryptioncipherAeadBase64Encryptor-5.cloudstack-migrate-databaseschanges With this PR, only the encrypted values in domain_details/account_details need to be decrypted with old db key and then re-encrypted with new db key in database migration. > > @weizhouapache I do not understand why they would need to be re-encrypted as the goal of this PR is to keep these values decrypted. Reading the new database migration docs, if I understood correctly, I would need to decrypt using encryptor V2 and if that doesn't work, use the V1 encryptor. @BryanMLima With this pr, most account/domain details will not be decrypted. However, there might be some details (secure/hidden configuration) are still encrypted. The database migration process needs to be modified for these encrypted values. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
