Unknown cipher data id 0 when performing certain actions in Bamboo on Windows after switching Bamboo to run as a Service

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Problem

Certain actions within Bamboo present a java.lang.IllegalArgumentException: Unknown cipher data id 0 exception after switching Bamboo to run as a Windows Service. Actions include but not limited to:

  • Creating / deleting / viewing a repository.
  • Shared credentials UI.
  • Variables UI.
  • Starting a plan or build.

Diagnosis

A stack trace similar to the following is shown in the UI (and logged to atlassian-bamboo.logwhen performing certain actions in Bamboo:

2017-05-18 22:29:26,005 WARN [10-BAM::PlanExec:pool-18-thread-4] [PlanExecutionManagerImpl] Unknown error during doWithProcessLock
io.atlassian.util.concurrent.LazyReference$InitializationException: java.lang.IllegalArgumentException: Unknown cipher data id 0
 at io.atlassian.util.concurrent.LazyReference.getInterruptibly(LazyReference.java:156)
 at io.atlassian.util.concurrent.LazyReference.get(LazyReference.java:116)
 at com.atlassian.bamboo.plan.cache.AbstractImmutableChain.getPlanRepositoryDefinitions(AbstractImmutableChain.java:263)
...
Caused by: java.lang.IllegalArgumentException: Unknown cipher data id 0
	at com.google.common.base.Preconditions.checkArgument(Preconditions.java:122)
	at com.atlassian.bamboo.crypto.instance.InstanceSecretStorage.getCipherData(InstanceSecretStorage.java:105)
	at com.atlassian.bamboo.crypto.instance.InstanceSecretStorage.getKeyAndIv(InstanceSecretStorage.java:95)

Both of the below criteria are true:

  • <BAMBOO-HOME>/xml-data/configuration/cipher/cipher.key_0 exists as a non 0 byte file.

  • The below SQL statement returns two rows:

    SELECT * 
  FROM BANDANA
WHERE BANDANA_KEY LIKE '%cipher%';

Cause

Bamboo 5.15.x shipped with a new System-wide encryption feature. The encryption key is stored in the database and on the filesystem. Both the filesystem and the database key parts are required to perform successful decryption. The key part stored on your filesystem is located under <BAMBOO-HOME>/xml-data/configuration/cipher.

When Bamboo first generates the filesystem key part, it limits ownership and access of this file to only the user running Bamboo. We see this cause issues on Windows as the the user running the process often gets changed when configuring Bamboo to run as a service as opposed to a console application. When the process is started as a different user to the user running Bamboo when the filesystem key part was first generated, Bamboo can no longer access the filesystem key part.

Resolution

Correct the Security ACL (Right click > Properties > Security) on both the cipher directory and cipher key so that the user that's starting Bamboo has ownership:

- <BAMBOO-HOME>/xml-data/configuration/cipher/
-- <BAMBOO-HOME>/xml-data/configuration/cipher/cipher.key_0

For a Windows Service running as the LOCAL SYSTEM user; ensure that the BUILT-IN\Administrators group has ownership.

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.