Re-encryption in Nexus Repository

We attempted the re-encryption in Nexus Repository based on the instructions on the pages below without success.

Re-encryption in Nexus Repository

Default Secret Encryption Key - #7 by lemonsterfy

Nexus is installed on a Windows server. We are on Nexus version 3.77.1. We have attached screenshots showing the below.

  1. The nexus.secrets.file parameter is set in the nexus.log.

  2. The error in nexus.log saying it doesn’t exist.

  3. The nexus properties file.

  4. The json file in the location.

The contents of the json file are given below. We have replaced our key with .

```json
{
  "active": "nexus-key",
  "keys": [
    {
      "id": "nexus-key",
      "key": ""
    }
  ]
}
```

The screenshots show the json file on the Nexus server. We’ve tried different ways including slashes different ways and double slashes. We’ve tried in different locations, on a different server using network paths, and a network drive on the same server. We even tried the environment variables method.

It would be appreciated if you could make suggestions for where we are going wrong and let us know how to get it working with the json file on another server if possible.

Shouldn’t the Windows file path actually be C:\nexus\nexus.secrets.json with backslashes?
Or probably C:\\nexus\\nexus.secrets.json in the properties file, if the backslashes are removed while parsing.

I know, most Java libs support both, but it's worth a try.

Other guess: The Explorer does not show the .properties extension on the config file, so I assume extensions are hidden … Is the file name really nexus.secrets.json or something hidden like nexus.secrets.json.json or nexus.secrets.json.txt?

The screenshots are too small to read any text in them but I would suggest also verifying the service would have the rights to read the file.

Thank you both for your suggestions.

The initial error looks to have been the file extension. After I changed the filename and extension from nexus.secrets.json.json to nexus.secrets.json the warning associated with the key no longer appeared in the nexus.log.

For the re-encrypt API I had to change the filename from nexus.secrets.json to nexus_secrets.json.

I tried the same with a network drive to the file stored on a different server and it gave the original error. I think this is likely to be permissions. Unless you have any other suggestions?

Hi, I was unable to get the mapped network drive to work. We were able to get a shared location on a remote server to work. The parameter needed to have all slashes as forward slashes. For example, ////.

In addition to the above:

  1. We changed the Nexus Windows service to log on with a user that had the required permissions.

  2. On the remote server, we gave the user the required permissions on the secret file and the folders containing it.
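The causes that came up in this thread (a doubled file extension hidden by Explorer, an unreadable file, and a malformed key file) can be checked before restarting Nexus. The script below is an added example, not part of the original posts and not Sonatype code; it assumes the file layout shown in the question (`active`, `keys`, `id`, `key`), and its validation rules are inferred from that layout.

```python
import json
import os
import sys

SMART_QUOTES = "\u201c\u201d"  # typographic quotes that break JSON when pasted from a web page


def check_secrets_file(path):
    """Return a list of problems with the key file at `path`; an empty list means OK."""
    if not os.path.isfile(path):
        # Explorer hides known extensions, so look for a doubled one beside the path.
        doubled = [path + ext for ext in (".json", ".txt") if os.path.isfile(path + ext)]
        if doubled:
            return ["not found, but a doubled extension exists: " + ", ".join(doubled)]
        return ["not found: " + path]
    try:
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    except (OSError, UnicodeDecodeError) as exc:  # e.g. the account lacks read permission
        return ["cannot read file: %s" % exc]
    try:
        doc = json.loads(text)
    except ValueError as exc:
        smart = any(q in text for q in SMART_QUOTES)
        hint = "; typographic quotes found, use plain double quotes" if smart else ""
        return ["invalid JSON: %s%s" % (exc, hint)]
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        return ['"keys" must be a non-empty list']
    problems = []
    entries = [k for k in keys if isinstance(k, dict)]
    if len(entries) != len(keys) or any(not k.get("id") or not k.get("key") for k in entries):
        problems.append('every entry in "keys" needs a non-empty "id" and "key"')
    if doc.get("active") not in [k.get("id") for k in entries]:
        problems.append('"active" does not match the "id" of any entry in "keys"')
    return problems


if __name__ == "__main__":
    # Usage (path taken from the thread): python check_secrets.py C:/nexus/nexus.secrets.json
    if len(sys.argv) != 2:
        sys.exit("usage: check_secrets.py <path to secrets file>")
    found = check_secrets_file(sys.argv[1])
    print("\n".join(found) if found else "OK")
    sys.exit(1 if found else 0)
```

Run it under the same account as the Nexus service, so that a permissions problem on the file or its folders shows up as "not found" or "cannot read file" rather than passing for an administrator.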