At least one field decryption failed, check ENCRYPTION_KEY

Problem:
I need a way to reset all encrypted field, or at least an info which field is affected.
The old ENCRYPTION_KEY got lost during a datamigration.

[root@katello tmp]# foreman-rake katello:delete_orphaned_content RAILS_ENV=production
At least one field decryption failed, check ENCRYPTION_KEY

I already searched the forum and found a thread where the solution was to reprovide all passwords. I already did that on all i found, but there seem some missing still.

Expected outcome:

Foreman: 3.5.2

Distribution and version:
Oracle Linux 8.7

I’m not sure how easy it is to recover, but there are some rake tasks that may help:

foreman-rake security:generate_encryption_key
foreman-rake db:decrypt_all
foreman-rake db:encrypt_all
1 Like

I was having this problem (At least one field decryption failed, check ENCRYPTION_KEY), and the web interface was returning Could not bind to ActiveDirectory user svc-foreman, because as part of my upgrade process for the OS my Foreman runs on from Ubuntu 20.04 “focal” to 22.04 “jammy”, I was having puppet purge the libruby2.7 package, due to jammy, bookworm: set ruby-webrick dependency to >= 1.7.0 by kenyon · Pull Request #11953 · theforeman/foreman-packaging · GitHub. That purge caused the purge of all of the foreman packages, which caused the removal of /etc/foreman/encryption_key.rb, which is what caused this problem. Just having puppet ensure => absent on libruby2.7 instead of purged resolved the problem. This post also helped me realize the issue: Encryption decryption oauth_consumer_key - #4 by ekohl

Wanted to note this in case it helps someone else.

1 Like