Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't update crypt key from project UI or CLI #814

Open
KevinBodwell opened this issue Jul 10, 2023 · 0 comments
Open

Can't update crypt key from project UI or CLI #814

KevinBodwell opened this issue Jul 10, 2023 · 0 comments
Labels
Progress: ready for grooming
Projects
Backlog

Comments

@KevinBodwell
Copy link

As an inhouse developer for a new merchant tasked with migrating an existing M2 site to Adobe Commerce Cloud my plan is to migrate the DB to Commerce Cloud infrastructure. This requires the crypt key to stay the same, as documented here:

https://experienceleague.adobe.com/docs/commerce-knowledge-base/kb/troubleshooting/miscellaneous/resolve-issues-with-encryption-key.html?lang=en

The documentation clearly states that to do so I should set the CRYPT_KEY variable. In this package, the crypt key is set in this class:
https://github.com/magento/ece-tools/blob/54e511e56fffcceb24fe353573f61d2cb7e6c11a/src/Step/Deploy/SetCryptKey.php

Alternately the KB article also suggests to edit the env.php file which is not possible in the ready only environment.

The problems lies in the order in which new instances are set up. When onboarding no one asks if we have a crypt key we want to set, and as a customer newly signing up we are not given access to the project until after the first code deploy occurs. During this first install of Magento the crypt key is creating and set in env.php

Note on this line of this line, that the function checks for an existing crypt key in the current config (env.php) and returns if it exists.

ece-tools/src/Step/Deploy/SetCryptKey.php

Line 72 in 54e511e

if (!empty($this->configReader->read()['crypt']['key'])) {

Therefore reading a new value from CRYPT_KEY in set in the project will never be evaluated and that KB article's instructions will not work.

Preconditions

  1. Newly deployed Cloud account with code

Steps to reproduce

  1. From Project UI, or using CLI tool, set CRYPT_KEY variable for production or staging
  2. Allow project to redeploy, or force redeployment by pushing/merging new code.

Expected result

  1. Crypt key would be updated with value from project/environment variables.

Actual result

Crypt key stays original value.

My method to solve:

Created a patch which looks at a second variable and will allow the update if that second variable is set to anything not empty.

index 8874348..122eb0d 100644
--- a/vendor/magento/ece-tools/src/Step/Deploy/SetCryptKey.php
+++ b/vendor/magento/ece-tools/src/Step/Deploy/SetCryptKey.php
@@ -69,7 +69,7 @@ class SetCryptKey implements StepInterface
     {
         $this->logger->info('Checking existence of encryption key');
 
-        if (!empty($this->configReader->read()['crypt']['key'])) {
+        if (!empty($this->configReader->read()['crypt']['key']) && empty($this->environment->getVariable('UPDATE_CRYPT_KEY'))) {
             return;
         }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Progress: ready for grooming
Projects
Backlog
Ready for Grooming
Milestone
No milestone
Development

No branches or pull requests
1 participant
@KevinBodwell