AEMaaCS and crypted passwords

[nikolay-v-atanasov]

Hey there,

I tried to create a user with an encrypted password on AEMaaCS, but I failed when I deployed the same code on another environment configured with the same crypto keys.

The sample code is this:

- user_config:
    - test-dam-de-publisher:
        - name: test-dam-de-publisher
          password: "{0907c37730de22f4f459f0e4fd0c7d21be4e58a976b7069dae27baddbc33fdd95fe7f6aaf7baebfb182414694acfff91}"
          path: /home/users/models

I get the error on the second environment: ": ERROR: Could not process yaml files / e=biz.netcentric.cq.tools.actool.authorizableinstaller.AuthorizableCreatorException: java.lang.IllegalArgumentException: Invalid password string starting with '{090..' (cannot be decrypted)"

Additionally, I configured system user actool-service to have jcr:all permissions on root of JCR
The crypto keys were generated on local environment following Adobe documentation https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/developing/aem-as-a-cloud-service-sdk, and exported as Content Package(/etc/key) and imported on other environments.

Thank you
Nikolay

[ghenzler]

Hi Nikolay,

for AEMaaCS it is better to use secrets as configured in cloud manager and reference them via the following mechanism:
https://github.com/Netcentric/accesscontroltool/blob/develop/docs/AdvancedFeatures.md#interpolate-values
(the /etc/key path for storing the master key is not supported for actual cloud environments, only for the SDK)