This question is in reference to Atlassian Documentation: System-wide encryption
Got all Atlassian products on one vm and bamboo on another vm. Enabled inward access on all ports. They're all sharing postgre db.
Application links are fine, shared user directories are fine. Ssh is enabled with default base url. git executable is specified.
I try to create repository link to Bitbucket but
get Unable to read cipher data for 0
Database part of instance key is unavailable
Cipher initialisation vector is unavailable
...\bamboo-home\xml-data\configuration\cipher\cipher.key_0 is empty
I had several things going wrong:
1) The cipher file didn't have write access for the user running the service, which for me, was local_system.
2) The cipher didn't get regenerated on start of service because the public key had been added to Bitbucket and apparently that's how it decides to make a new cipher pair or not.
1) I deleted the cipher file with 0 bytes, just because.
2) sorted out the permissions properly
3) Removed all records that contained the value bamboo in table: authcode_SSH_PUBLIC_KEY which i found under our stash db.
4) stopped and started the service again.
Christian advised looking for the records under a bandana table
The keys are stored in the BANDANA table, and the query to delete them is the following:
DELETE FROM BANDANA WHERE BANDANA_KEY='com.atlassian.restricted.instance.cipher.key_0' OR BANDANA_KEY='com.atlassian.restricted.instance.cipher.iv_0'
If there's any data in the database that already has been encrypted, then it won't be accessible anymore because you're missing the cipher already, so you may need to start with a brand new home directory and set up the database from scratch using the setup wizard.
Deleting these keys in the database will destroy the setup, as these keys are the keys used to encrypt the data in the database:
Would NOT recommend this!
The cipher file should be generated at startup, but if the generation fails (for instance due to lack of permissions), then the cipher file won't be generated and you'll see errors like the one you're seeing.
It'll be best to open a ticket with Bamboo Support via support.atlassian.com so we can take a look. When you open the ticket, please create a support zip so we can get started right away.
Premier Support Engineer
Thank you Christian, I've submitted request, but just for my own learning:
1) What permissions are needed?
2) By "startup", do you mean during the setup wizard? or start of service?
3) Is there no way to get bamboo/any-Atlassian-product to generate the keys post startup? no genKeys.exe?
xml-data/configurationdirectory that should be sufficient (unless the
xml-data/configuration/cipherdirectory already exists, in which case the user also needs write permission on that one)
I had the same error. I was running Bamboo and Bitbucket (both configured to run as a windows service) and was able to configure the Application links between them. But when I was trying to create a new plan and link it to a Bitbucket repository it was failing with the below error.
2017-03-05 12:50:38,815 FATAL [http-apr-8085-exec-23] [SecretEncryptionServiceImpl]
java.lang.RuntimeException: java.nio.file.AccessDeniedException: \bamboo-home\xml-data\configuration\cipher\cipher.key_0
2017-03-05 12:50:38,820 FATAL [http-apr-8085-exec-23] [InstanceSecretStorage] Database part of instance key is unavailable
2017-03-05 12:50:38,820 FATAL [http-apr-8085-exec-23] [InstanceSecretStorage] Cipher initialisation vector is unavailable
2017-03-05 12:50:38,821 ERROR [http-apr-8085-exec-23] [CreateChain]
java.lang.IllegalArgumentException: Unable to read cipher data for 0
Actions taken to resolve:
The Bamboo service was running as a Local System user (This happened by default when installing Bamboo using the .exe installer option. Whereas with Bitbucket installer the service was installed with a separate service account which had adequate permissions) which did not have access to bamboo-home\xml-data\configuration\cipher. To fix this I just used created a seperate account with Full Access permissions to the file-system and configured Bamboo service to run as this user.
I just happen to see this question, and found when I had the similar error, got solved by accessing to xml-data\configuration\cipher directory and it asked whether I want to allow permissions to this directory, so did yes. then I was able to create bamboo plan and cipher_key was able to create under this directory.
I struggled with this issue today after trying to switch from the embedded database to an external one.
Installation would succeed, but after getting to the "Create Plan" page it would fail to create the cipher. My solution on windows was to toggle off readonly for the cipher folder, and apply the changes.
Immediately following this, submit the "Create Plan" page. Cipher was created correctly and I was able to continue to "Configure Tasks".
If done quickly bamboo wont have time to reset the folder to readonly before the file is created.
Hope this helps.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
👋Community members! Downtime happens. And great incident response takes a village. Teams like Support, Dev, SRE, Ops, IT, and Marketing have to come together to resolve the problem while keep...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG