Closed arffsaad closed 1 year ago
encrypted:
  - column: name
    token_type: str
    tokenized: true
With these settings acra-server will tokenize data instead of encrypting it. So in your database you should expect replaced data instead of the real data that you try to store.
I'm not familiar with chatwoot, so it requires more time to reproduce this case.
It would be much better if you showed the whole logs from acra-server, not only one error row. And try to start acra-server with the -d flag, which turns on debug-level logs, before that.
Hi lagovas,
Thanks for the reply, yup, my bad, I got confused about that. Yes, I was expecting tokenization. But the data was kept as is, and no tokenization was done. I have used the same config on another db with another project, which was a PHP app. It works fine and tokenization was done as intended. Here are the logs. If you inspect them you can find the error that I mentioned. At the same time, I will also attach the structure of the table I was trying to perform tokenization on.
Hi, my apologies for the delayed response. I tried to deploy chatwoot using docker-compose, added acra-server to it with your encryptor config, and saw that it works as expected. I just extended it with:
acra-server:
  image: cossacklabs/acra-server:current
  restart: always
  environment:
    ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-vcACAvdoLT24yWtjAEB/IVcBjjSx/MxOBveQWMq2V+o=}
  ports:
    - "9393:9393"
  volumes:
    - /tmp/.acrakeys:/keys
    - /tmp/encryptor-config.yaml:/encryptor-config.yml
    - /tmp/acra/tests/ssl:/ssl
    - /tmp/logs:/tmp/logs
  command: >-
    --db_host=postgres
    --client_id=client
    --db_port=5432
    --keys_dir=/keys
    --encryptor_config_file=/encryptor-config.yml
    --tls_auth=4
    --tls_ca=/ssl/ca/ca.crt
    --tls_cert=/ssl/acra-server/acra-server.crt
    --tls_key=/ssl/acra-server/acra-server.key
    --log_to_file=/tmp/logs/log.txt
    -d
with acra-server's container, with pre-generated keys on the host machine for --client_id=client, and using SSL certs from the Acra repository just because they already exist, self-signed, with the expected server name acra-server. Additionally, I updated the .env file (used .env.example from chatwoot's repo) with
DATABASE_URL=postgresql://test:test@acra-server:9393/chatwoot?sslmode=disable
#POSTGRES_DATABASE=
#POSTGRES_HOST=localhost
#POSTGRES_PORT=9393
#POSTGRES_USERNAME=test
#POSTGRES_PASSWORD=test
to avoid complications with SSL and just to test with a statically specified client_id.
After the initial chatwoot registration, I found a tokenized name value in the database by querying PostgreSQL directly.
So, please try this configuration one more time or provide some environment to reproduce your problem. For example, a docker-compose deployment script or something reproducible.
P.S. I read your log file and found the error: time="2022-09-29T08:31:24Z" level=error msg="Column count in RowDescription packet not same as parsed query count of columns". My first thought was that the problem is with an incorrect encryptor_config and table description, or an inappropriate table schema in the database. Or an issue related to the recently fixed problem with quoted columns (RoR wraps identifiers with double quotes, like select "inboxes".* from "inboxes" where "inboxes"."channel_type" = $1), but it works with 0.93.0 without fixes.
P.S.2 I tested with the cossacklabs/acra-server:0.93.0 and :current (current master state) images, and both work.
P.S.3 Keep in mind that in my example of acra-server's container I used configs and certs from the host machine, from the /tmp folder. Use your own or place them in the same location.
I'm closing it since it looks like it works and there has been no answer for a month. Feel free to re-open if it still doesn't work, with steps to reproduce.
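As an added example (not part of the thread and not Acra's own code): when going through a full acra-server debug log like the one requested above, a small parser for the key=value log lines quoted in this thread can group the error-level messages and show when each first appeared. The sample lines are constructed, apart from the error message taken from the thread; the function names are hypothetical.

```python
import re
from collections import Counter

# key=value pairs; values may be double-quoted. The closing quote is optional
# so that a line cut off mid-message (as in the report) still parses.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"?|(\S+))')

def parse_line(line):
    """Return the fields of one log line as a dict."""
    fields = {}
    for key, quoted, bare in PAIR.findall(line):
        fields[key] = bare if bare else quoted
    return fields

def summarize_errors(lines, levels=("error", "fatal", "panic")):
    """Return (message, count, first_seen_time) for each distinct message
    logged at one of the given levels, most frequent first."""
    counts, first_seen = Counter(), {}
    for line in lines:
        f = parse_line(line.strip())
        if f.get("level") in levels and "msg" in f:
            counts[f["msg"]] += 1
            first_seen.setdefault(f["msg"], f.get("time"))
    return [(msg, n, first_seen[msg]) for msg, n in counts.most_common()]

# Constructed sample input. Only the error message text comes from the thread;
# the debug/info lines are placeholders, and the last line is deliberately
# missing its closing quote.
SAMPLE_LOG = '''\
time="2022-09-29T08:31:20Z" level=debug msg="constructed debug line"
time="2022-09-29T08:31:24Z" level=error msg="Column count in RowDescription packet not same as parsed query count of columns"
time="2022-09-29T08:31:24Z" level=info msg="constructed info line"
time="2022-09-29T08:31:25Z" level=error msg="Column count in RowDescription packet not same as parsed query count of columns
'''

if __name__ == "__main__":
    for msg, n, ts in summarize_errors(SAMPLE_LOG.splitlines()):
        print(f"{n:4d}  first at {ts}  {msg}")
```

Run against the file written by --log_to_file, the summary shows whether the RowDescription error is the only error-level message or just one of several.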
Describe the bug
I have used acra for my own projects with both mysql and postgres and it works like a charm. Now I am trying to encrypt the database (PostgreSQL) of a chat app based on rails (chatwoot) but it seems like encryption doesn't seem to work at all.
The error that comes is written as:
time="2022-09-28T06:57:05Z" level=error msg="Column count in RowDescription packet not same as parsed query count of columns
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Acra does not show this error, and chatwoot data is encrypted successfully with no issues.
Acra configuration files
For AcraServer: acra-server.yaml
acra-encryptor.yaml
Environment: