magento / ece-tools

Open Software License 3.0

Can't update crypt key from project UI or CLI #814

Open KevinBodwell opened 1 year ago

KevinBodwell commented 1 year ago

As an in-house developer for a new merchant tasked with migrating an existing M2 site to Adobe Commerce Cloud, my plan is to migrate the DB to Commerce Cloud infrastructure. This requires the crypt key to stay the same, as documented here:

https://experienceleague.adobe.com/docs/commerce-knowledge-base/kb/troubleshooting/miscellaneous/resolve-issues-with-encryption-key.html?lang=en

The documentation clearly states that to do so I should set the CRYPT_KEY variable. In this package, the crypt key is set in this class: https://github.com/magento/ece-tools/blob/54e511e56fffcceb24fe353573f61d2cb7e6c11a/src/Step/Deploy/SetCryptKey.php

Alternatively, the KB article also suggests editing the env.php file, which is not possible in the read-only environment.

The problem lies in the order in which new instances are set up. When onboarding, no one asks if we have a crypt key we want to set, and as a customer newly signing up we are not given access to the project until after the first code deploy occurs. During this first install of Magento the crypt key is created and set in env.php.

Note on this line that the function checks for an existing crypt key in the current config (env.php) and returns if it exists: https://github.com/magento/ece-tools/blob/54e511e56fffcceb24fe353573f61d2cb7e6c11a/src/Step/Deploy/SetCryptKey.php#L72

Therefore a new value read from CRYPT_KEY as set in the project will never be evaluated, and that KB article's instructions will not work.

Preconditions

  1. Newly deployed Cloud account with code

Steps to reproduce

  1. From Project UI, or using CLI tool, set CRYPT_KEY variable for production or staging
  2. Allow project to redeploy, or force redeployment by pushing/merging new code.

Expected result

  1. Crypt key would be updated with value from project/environment variables.

Actual result

Crypt key stays at its original value.

My method to solve:

Created a patch which looks at a second variable and will allow the update if that second variable is set to anything not empty.

index 8874348..122eb0d 100644
--- a/vendor/magento/ece-tools/src/Step/Deploy/SetCryptKey.php
+++ b/vendor/magento/ece-tools/src/Step/Deploy/SetCryptKey.php
@@ -69,7 +69,7 @@ class SetCryptKey implements StepInterface
     {
         $this->logger->info('Checking existence of encryption key');

-        if (!empty($this->configReader->read()['crypt']['key'])) {
+        if (!empty($this->configReader->read()['crypt']['key']) && empty($this->environment->getVariable('UPDATE_CRYPT_KEY'))) {
             return;
         }
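
Review bot: The added `empty($this->environment->getVariable('UPDATE_CRYPT_KEY'))` clause on the `if` skips the existing-key guard on every deploy for as long as that variable stays set, and the condition never checks that a replacement key is actually supplied or that it differs from the one already in `$this->configReader->read()['crypt']['key']`. Since data encrypted under the current key depends on it, I would tie the bypass to the key itself: fall through only when `CRYPT_KEY` is non-empty and not equal to the configured key, so the flag cannot take effect on its own and a forgotten flag is harmless. Two smaller points on the same line: PHP's `empty()` treats the string "0" as empty, so `UPDATE_CRYPT_KEY=0` leaves the guard in place, which is probably what you want but does not match "anything not empty" and should be documented; and the override path deserves its own log message next to 'Checking existence of encryption key', stating that an existing key is being replaced without printing either key value.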