Comments (7)

jonasvinther commented on September 3, 2024 1

I'm closing this one since I haven't been able to reproduce. I think that you have some special data somewhere in your Vault that Medusa is not able to handle. Feel free to re-open if you have any additional information that can help me reproduce this error.

from medusa.

mateustanaka commented on September 3, 2024 1

I'm facing the same issue with medusa v0.3.1

$ ./medusa import kv encrypted-vault-secrets.txt --address="http://127.0.0.1:8200" --token="xxxxxxxxxxx" --decrypt="true" --private-key="private-key.pem"
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
github.com/jonasvinther/medusa/pkg/encrypt.Decrypt(0x7ffe151c6c79, 0xf, 0x7ffe151c6bfd, 0x1b, 0xc0000b905b, 0x1, 0x0, 0xb)
/home/runner/work/medusa/medusa/pkg/encrypt/encrypt.go:46 +0x41d
github.com/jonasvinther/medusa/cmd.glob..func4(0xd37840, 0xc0000bede0, 0x2, 0x6, 0x0, 0x0)
/home/runner/work/medusa/medusa/cmd/import.go:46 +0x3fa
github.com/spf13/cobra.(*Command).execute(0xd37840, 0xc0000bed80, 0x6, 0x6, 0xd37840, 0xc0000bed80)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:850 +0x47c
github.com/spf13/cobra.(*Command).ExecuteC(0xd37060, 0xc00003a778, 0xc00010ff78, 0x4062c5)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:958 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:895
github.com/jonasvinther/medusa/cmd.Execute(...)
/home/runner/work/medusa/medusa/cmd/cmd.go:59
main.main()
/home/runner/work/medusa/medusa/main.go:10 +0x32

$ wc -l encrypted-vault-secrets.txt 
2 encrypted-vault-secrets.txt

jonasvinther commented on September 3, 2024

Hi @sebPomme,
Thanks for reaching out!

First of all, can you verify that the export and import are working when exporting using plain text?

Next, I see that it's failing when it's trying to read line 1 in your export file encrypted-vault-secrets.txt. If you open the file in a text editor you should see that the file contains only two lines. Because it looks like it cannot read the first line of the file.
Can you maybe try with another dataset?

sebPomme commented on September 3, 2024

Hi,

Thanks for this reply,
first the test without encryption:

pomme@shark medusa % ./bin/medusa export kv-certificates_backup --token="$(vault print token)" --output="vault-secrets.txt"
pomme@shark medusa % wc -l vault-secrets.txt 
68632 vault-secrets.txt
pomme@shark medusa % ./bin/medusa import kv-temporaire vault-secrets.txt --token="$(vault print token)"
Secret successfully written to Vault [https://vault.exemple.org:443] using path [/one]
Secret successfully written to Vault [https://vault.exemple.org:443] using path [/two]
.....
Secret successfully written to Vault [https://vault.exemple.org:443] using path [/68632]
pomme@shark medusa % echo $?
0

I created a new dataset and tested with it.

pomme@shark medusa % ./bin/medusa export github_issue --token="$(vault print token)" --encrypt true --public-key="public-key.pem" --output="encrypted-vault-secrets.txt"
pomme@shark medusa % wc -l encrypted-vault-secrets.txt 
2 encrypted-vault-secrets.txt
pomme@shark medusa % ./bin/medusa import kv-temporaire encrypted-vault-secrets.txt --token="$(vault print token)" --decrypt="true" --private-key="private-key.pem"
Secret successfully written to Vault [https://vault.exemple.org:443] using path [/*three]
Secret successfully written to Vault [https://vault.exemple.org:443] using path [/3]
Secret successfully written to Vault [https://vault.exemple.org:443] using path [/one]
Secret successfully written to Vault [https://vault.exemple.org:443] using path [/two]
pomme@shark medusa % vault kv get kv-temporaire/"*three"                                  
====== Metadata ======
Key              Value
---              -----
created_time     2021-05-04T18:59:38.263007969Z
deletion_time    n/a
destroyed        false
version          1

==== Data ====
Key      Value
---      -----
18759    18759

Does this help?

jonasvinther commented on September 3, 2024

Thank you for providing more information.
So the first test with no encryption and the same datasets went well. I see that your export is 68632 lines long? I must admit that I haven't tested Medusa with such a large dataset. I appreciate your help in order to debug this error. Maybe I need to create a very large dataset to test with.

Does the exported file also contain exactly two lines when you do the encrypted export of the kv-certificates_backup dataset?

sebPomme commented on September 3, 2024

I wrote 68632 to anonymise my key names; this is not the number of secrets.

Actually, I have 544 secrets in kv-certificates_backup.
Each secret has nearly this form:

{
  "*.domain.name": {
    "cert": "-----BEGIN CERTIFICATE-----\n.........",
    "chain": "\n-----BEGIN CERTIFICATE-----\n.......",
    "fullchain": "-----BEGIN CERTIFICATE-----\n.......",
    "key": "-----BEGIN RSA KEY-----\n........",
    "owner": "software-name",
    "timestamp": ""
  }
}

And yeah, with the encrypted export the file has only 2 lines.

pomme@requin medusa % ./bin/medusa export kv-certificates_backup --token="$(vault print token)" --encrypt true --public-key="public-key.pem" --output="encrypted-vault-secrets.txt" 
pomme@requin medusa % wc -l encrypted-vault-secrets.txt
2 encrypted-vault-secrets.txt

sebPomme commented on September 3, 2024

I don't know if it can help, but I just tried something:

pomme@requin medusa % ./bin/medusa export kv-certificates_backup --token="$(vault print token)" | openssl rsautl -encrypt -oaep -pubin -inkey public-key.pem -in - -out encrypted-vault-secrets.openssl
RSA operation error
139845753628480:error:0409A06E:rsa routines:RSA_padding_add_PKCS1_OAEP_mgf1:data too large for key size:crypto/rsa/rsa_oaep.c:61:

But it works with a lightweight volume:

pomme@requin medusa % ./bin/medusa export github_issue --token="$(vault print token)" | openssl rsautl -encrypt -oaep -pubin -inkey public-key.pem -in - -out encrypted-vault-secrets.openssl
pomme@requin medusa % openssl rsautl -decrypt -oaep -inkey private-key.pem -in encrypted-vault-secrets.openssl 
'*three':
  "18759": "18759"
"3":
  "18759": "18759"
one:
  data: for
  debug: purposes
  some: random
two:
  "18759": "18759"
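
The size limit behind the "data too large for key size" error in the comment above, and the usual hybrid construction that avoids it, as an added example that is not part of the thread and not Medusa's own code: RSA-OAEP wraps only a random AES-256-GCM key, and that key encrypts the payload. The 2048-bit key, SHA-256 as the OAEP hash, and the names MaxOAEP, Seal, Open and demoKey are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key (assumption)

// MaxOAEP is the largest plaintext RSA-OAEP with SHA-256 accepts: k - 2*hLen - 2 bytes.
func MaxOAEP(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

// Seal encrypts data with a fresh AES-256-GCM key and wraps only that key with RSA-OAEP.
func Seal(pub *rsa.PublicKey, data []byte) ([]byte, []byte, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err != nil {
		return nil, nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)
	return wrapped, gcm.Seal(buf[32:], buf[32:], data, nil), nil // nonce || ciphertext || tag
}

// Open unwraps the key and returns an error on short input rather than slicing out of range.
func Open(priv *rsa.PrivateKey, wrapped, sealed []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || len(key) != 32 || len(sealed) < 12 {
		return nil, fmt.Errorf("unwrap failed or input truncated (rsa: %v, sealed: %d bytes)", err, len(sealed))
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length checked above
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, sealed[:12], sealed[12:], nil) // fails if the GCM tag does not verify
}

func main() {
	big := make([]byte, 4096) // constructed stand-in for a large export
	_, direct := rsa.EncryptOAEP(sha256.New(), rand.Reader, &demoKey.PublicKey, big, nil)
	w, s, _ := Seal(&demoKey.PublicKey, big)
	out, err := Open(demoKey, w, s)
	fmt.Println("direct limit:", MaxOAEP(&demoKey.PublicKey), direct, "| hybrid:", len(out), err)
}
```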
