Decrypt env variable from existing gocd pipeline from Go Version: 16.1.0

Roshin Kulakkunnath

unread,

Aug 5, 2021, 3:42:40 AM8/5/21

to go-cd

HI All

Appreciate if anyone can assist as I am moving some legacy stuff from my pipeline which is on Go Version: 16.1.0(2855-ada9b36174cc069c860e7fa032cbf2857f135cfb)

The encryption is blocking me to decrypt the config file. Is there a way to get the actual value from

<variable name="KEYSTORE_KEY" secure="true"> <encryptedValue>blahblah</encryptedValue> </variable> <variable name="CREDENTIAL_KEY" secure="true"> <encryptedValue> blahblah</encryptedValue> </variable>

Thanks in Advance

Roshin

Alain Trinh

unread,

Aug 15, 2021, 7:51:12 AM8/15/21

to go-cd

Hello Roshin,

I remember the GoCD support team had provided us with a way (java code, bundled in one jar) to convert all our secrets ("secure vars") when we moved from version 17.11, thus involving decryption then encryption with AES algorithm. If you have access to the original cipher file, I guess you can manage to run that utility.

Best regards,

Alain

Ketan Padegaonkar

unread,

Aug 15, 2021, 10:40:19 PM8/15/21

to go...@googlegroups.com

This thread may be relevant: https://groups.google.com/g/go-cd-dev/c/W4iHAi5ySR8/m/bhD8QlrqFwAJ

- Ketan

--
You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/f7551f23-4dce-4c35-a08f-987c8bb63ae6n%40googlegroups.com.

Ketan Padegaonkar

unread,

Aug 15, 2021, 10:44:48 PM8/15/21

to go...@googlegroups.com

Alain — I'm the one who authored that code sent to you by the support team, but seem to have deleted it from github, and am unable to trace it in my thoughtworks support email thread. If you (or someone on your team) happen to have a copy of it, please feel free to post it here.

- Ketan

On Sun, Aug 15, 2021 at 5:21 PM Alain Trinh <alain...@gmail.com> wrote:

--

Ketan Padegaonkar

unread,

Aug 15, 2021, 10:58:29 PM8/15/21

to go...@googlegroups.com

This issue may be relevant: someone was using this snippet to encrypt the strings using openssl. It should be possible to decrypt it with openssl. I'm not too familiar with the openssl command line, but you'd probably do this:

echo -n 'YOUR-ENCRYPTED-PASS-INPUT' | openssl enc -des-cbc -d -a -iv 0 -K $(cat /etc/go/cipher)'

- Ketan

--

You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/417e82fa-f2f4-42be-900d-a61ebbab2217n%40googlegroups.com.

Alain Trinh

unread,

Aug 19, 2021, 9:57:29 AM8/19/21

to go-cd

Hello Ketan,

I am off on vacation. We do have a copy of the jar file, I can post it once I get back to work.

Alain

Alain Trinh

unread,

Sep 3, 2021, 12:18:01 PM9/3/21

to go-cd

Hello,

Here is the Java file for the Scratch class, that contains among others the method decryptDES. Ketan had provided us some instructions on how to call the class.

Best regards,

Alain

Scratch.java

Reply all

Reply to author

Forward