Fix decrypting secrets in alerting migration (#41061)

2025-02-25 18:55:37 -06:00 · 2021-10-29 14:20:07 +03:00
parent b9e0a41f5a
commit ff086df3b5
2 changed files with 75 additions and 2 deletions
--- a/pkg/util/encryption_test.go
+++ b/pkg/util/encryption_test.go
@@ -32,6 +32,18 @@ func TestEncryption(t *testing.T) {
 		_, err := Decrypt([]byte(""), "1234")
 		require.Error(t, err)

-		assert.Equal(t, "unable to compute salt", err.Error())
+		assert.Equal(t, "unable to derive encryption algorithm", err.Error())
+	})
+
+	t.Run("decrypting secrets with algorithm metadata", func(t *testing.T) {
+		// Slice of bytes that corresponds to the following legacy ciphertext:
+		// - 'my very secret secret key' as a payload
+		// - '1234' as a secret
+		// - 'aes-cfb' as an encryption algorithm
+		// Has algorithm prefix
+		encrypted := []byte{0x2a, 0x59, 0x57, 0x56, 0x7a, 0x4c, 0x57, 0x4e, 0x6d, 0x59, 0x67, 0x2a, 0x7a, 0x35, 0x64, 0x57, 0x64, 0x37, 0x6b, 0x38, 0x77, 0x9a, 0xda, 0x7a, 0x1a, 0x24, 0x42, 0x22, 0x5f, 0x3d, 0x2e, 0xf, 0xd2, 0xad, 0x53, 0xa6, 0x69, 0x61, 0x5a, 0xe1, 0x9c, 0xc3, 0xda, 0x13, 0x80, 0xdc, 0x3e, 0x87, 0x49, 0xbf, 0xe7, 0x2d, 0xc1, 0x8f, 0x48, 0x26, 0x45, 0xe8, 0x1b, 0xe7, 0x51}
+		decrypted, err := Decrypt(encrypted, "1234")
+		require.NoError(t, err)
+		assert.Equal(t, "my very secret secret key", string(decrypted))
 	})
 }