Config section encryption


(Harmeet Sra) #1

Hello There,

In Build process I am using Step definition “Configuration - Encrypt Section” (created by cjuroz) to encrypt connection strings for my web app.

When I am deploying it’s creating wrong ciphers, When I go to step definition and do “Run” and provide all required parameter by pointing out same folder where deployment process deploys, it encrypt correctly and I can connect to database.

There is no error but creating wrong encryption. Not sure what is the difference in executing from Step definition “Run” command and running that step as part of project deployment.

Can you please help me out for the same?

Thanks and Regards

(Henrik Andersson) #2

Hi Harmeet,

Thanks for getting in touch and I’m sorry to hear that you are having these issues.

Can you send through how you’ve configured the step in your deployment process (including any values for values used in the step configuration) and also when you manually Run the step template.

Thank you and best regards,

(Harmeet Sra) #3

Hi Henrik,

Please find below screen shot for step config in process

This is child step of another step as show in this image

Please let me know if you need more information for the same.


(Henrik Andersson) #4

Hi Harmeet,

It doesn’t look like that step is based on the step template from the Library, can you tell me what version of Octopus you are running? (If you’re on an older version I might be incorrect in my thinking below)

Your step:

Step based on the Library step template:

Is it possible that you have a local step template that is being used in your deployment process, or have you modified the Library step template in anyway (as this would force you to save a local copy and renaming it)?


(Harmeet Sra) #5

Hi Hnerik,

This is same step, I just saved a local copy to my Octopus instance and given different name as you can’t use same name.

We are using Octopus version v2018.6.14.

There are no changes to commands being used, I have only removed extra files param from step.

Also I tried with original step as well and having similar behaviour.

As I mentioned if I run Step manually it works OK and encryption is correct, somehow doesn’t do same encryption when it’s part of deployment process.

There is no error just ciphers are not correct.


(Henrik Andersson) #6

Hi Harmeet,

Could you send through an export of your step template, just so I can run some tests locally.


(Harmeet Sra) #7

HI Henrik,

I have attached step export as requested. Powershell script works OK even if I run contents of script manually on my server. Only time it generate wrong ciphers which doesn’t work when run as part of deployment.

EncryptConfig.json (5.5 KB)


(Henrik Andersson) #8

Hi Harmeet,

Thanks for sending through the export to me.

When you say that you run the script on your server it works, are you running the script on the Tentacle server that is failing to create the correct ciphers as part of a deployment?

Also, are you running the script on the web.config file that has the correct values for the environment that the deployment runs in?

Could you disable the encrypt step, and then check the values that are in the web.config post-deployment to make sure that they are the correct ones? It feels like it might be an issue with values here at play as the script works fine when run on its own and we don’t do anything special as part of the deployment when running the script.


(Harmeet Sra) #9

Hi Henrik,

Script always runs without any errors. let me take you through steps

Failing scenario

  1. We kick deployment
  2. Package gets deployed and tokens gets replaced, now we have final web.config with correct connection strings in it.
  3. Encryption step runs fine and creates some cipher in web.config
  4. When we run application it can’t connect to database

Now we rolledback connection string and back to raw web.config file which has correct connection string.
5. I got to Library -> Step Templates -> Encrypt Step
6. Click Run
7. Select server where application is deployed
8. Provide path to last deployment
9 Click run, This runs fine and create cipher.
10. This time application can connect to database and runs fine.

Now in above scenario it’s not clear what’s the difference in these two execution and why application works for one encryption and fails for other?

Hope this clarify your query.

Thanks and Regards

(Henrik Andersson) #10

Hi Harmeet,

There is no difference in how we run the step template from within a deployment or manually running it from the Step Templates page.

Can you send through the two web.config files after each of the scenarios (both failing and successful) that you described.

Can you also do the following test for me:

  1. Disable the encryption step in your deployment process
  2. Create a new release and deploy that to your server
  3. Compare the resulting web.config to the web.config that you manually changed to have the correct connection string.

It is very strange that the two different ways your running the step is creating incorrect ciphers, and hopefully the above steps should tell us why.

Thank you and best regards,

(system) #11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.