[OPENAM-15758] KeyStore Secret Store fails to start due to secretId having some special characters. Created: 06/Dec/19 Updated: 15/Sep/20 Resolved: 18/Mar/20
|Affects Version/s:||6.5.0, 6.5.1, 184.108.40.206, 220.127.116.11|
|Fix Version/s:||7.0.0, 6.5.3|
|Reporter:||C-Weng C||Assignee:||Lawrence Yarham|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Sprint:||AM Sustaining Sprint 70, AM Sustaining Sprint 71, AM Sustaining Sprint 72, AM Sustaining Sprint 73|
|Support Ticket IDs:|
|Are the reproduction steps defined?:||
Yes and I used the same as in the description, Yes but I used my own steps. (If so, please add them in a new comment)
Secrets for the secretId, say the store password secretId or the key password secretId in the KeyStoreSecretStore, happen to be in a set of alphanumeric, dot-separated strings.
When any other label is used for the Id, like an underscore or hyphen, the secrets will fail. The issue is that there is no UI or software validation to prevent this from being configured, and it may cause system startup to fail (if this happens on an important realm).
Create a Secret keystore but use a secret password label with, say, "_" or "hyphen" as part of the string. When this is used, the following exception may be seen
|Comment by Peter Major [X] (Inactive) [ 14/Feb/20 ]|
Lawrence Yarham Trying to address your points:
To answer Darinder Shokar's point: The dot character is not forbidden. You can have dot characters in the secret ID, as long as they are not at the beginning or at the end of the secret ID. Also two dots may not follow each other. To quote the alphaNumWithDotOnly translation:
Put it differently, keystore.pass and keystore.entry.pass are both perfectly fine secret IDs, as long as those secret IDs are actually available through other secret stores.
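The secret ID rule described in the comment above, written as a check that can be run over a store's settings before they are saved. This is an added example, not AM's own validation code; the function names, setting names and sample values are assumptions constructed for illustration.

```python
import re

# Rule as stated in the comment on this page: alphanumeric segments joined by
# single dots (no leading dot, no trailing dot, no two dots in a row).
SECRET_ID_RE = re.compile(r"[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)*")


def check_secret_id(secret_id):
    """Return the reasons secret_id breaks the rule; [] means it is acceptable."""
    if not secret_id:
        return ["empty"]
    problems = []
    if secret_id.startswith("."):
        problems.append("starts with a dot")
    if secret_id.endswith("."):
        problems.append("ends with a dot")
    if ".." in secret_id:
        problems.append("two dots in a row")
    bad = sorted(set(re.findall(r"[^A-Za-z0-9.]", secret_id)))
    if bad:
        problems.append("disallowed characters: " + " ".join(map(repr, bad)))
    return problems


def lint_store(settings):
    """Map each failing setting name to its problems; {} means nothing to fix."""
    report = {}
    for name, value in settings.items():
        problems = check_secret_id(value)
        if problems:
            report[name] = problems
    return report


# Constructed sample: hypothetical setting names; the first two IDs are the
# ones the comment calls fine, the rest show each way an ID can break the rule.
SAMPLE_STORE = {
    "storePasswordSecretId": "keystore.pass",
    "keyPasswordSecretId": "keystore.entry.pass",
    "underscoreId": "keystore_pass",
    "hyphenId": "key-store.pass",
    "leadingDotId": ".keystore.pass",
    "doubleDotId": "keystore..pass",
}

if __name__ == "__main__":
    for name, problems in lint_store(SAMPLE_STORE).items():
        print(f"{name}: {SAMPLE_STORE[name]!r} -> {'; '.join(problems)}")
```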