-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The authentication key/token which is stored by KWallet gets changed automatically for no apparent reason #2174
Comments
Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support. |
+1 Same here on Manjaro + KDE (fresh install). For me was causing so much pain as I work on multiple sandboxes and orgs at the same time (testing some CI/CD stuff). It was a pain to re-authenticate all the orgs. As a workaround at the moment, I have to back-up the secret value after successfully authenticating a bunch of orgs. When the issue comes up, I just restore the value to the previous one. Every single auth method (web, device, auth url, etc) is affected by this issue. |
one workaround would be to set SFDX_USE_GENERIC_UNIX_KEYCHAIN which will avoid using the KDE wallet for secret storage. Not sure if that's a good solution for you or not--it'll generate a key in the .sfdx folder and use that to encrypt secrets. Otherwise, I'm not sure how we'd replicate this without a linux machine, KDE, etc. And it might turn out to be a KDE wallet issue. If you want to try debugging this keyChain implementation stuff, the code starts around here: https://github.com/forcedotcom/sfdx-core/blob/1c42cf051cd98ae5811681e992c257785740f3a4/src/crypto/keyChain.ts#L47-L48 |
Thanks for the suggestion @mshanemc, but setting that env variable doesn't seem to affect the behavior:
|
I'm willing to try to track the execution flow within |
This issue has not received a response in 7 days. It will auto-close in 7 days unless a response is posted. |
Hey - just coming to this to say I stumbled across this exact error (Nobara 39, KDE) , I had my default browser set to Google Chrome, when I restarted (before opening Google Chrome) - I confirmed I still had this error and then tried to authenticate using |
Hey @zacherytapp! Thanks for your input!
#!/bin/bash
kwallet-query -f 'Secret Service' -r "'salesforce.com'" kdewallet > ~/.secret
#!/bin/bash
kwallet-query -f 'Secret Service' -w "'salesforce.com'" kdewallet < ~/.secret It's sad the SF CLI team obviously primarily use non-linux boxes, and would tend to assume that most developers are like them, so they consider Linux users' problems a minor concern. :-( CC: @mshanemc |
I just encountered this issue tonight. It was extremely frustrating and actually led to me using up my daily scratch org creation limit before I was ready to call it quits for the day. I hope Salesforce reconsiders fixing this issue. |
@Zosoled I doubt it that would happen, to be honest. Judging from how @mshanemc simply deferred debugging this to us, and couldn't even be bothered to provide any hints on how this can be debugged after I asked, speaks for itself. @mshanemc said:
I mean, how hard could this be?! The fact that there are devs who use this under linux, and KDE Plasma is one of the major graphical shells, used by thousands of people, should be reason enough for Salesforce to spare the necessary resources to support it. @Zosoled my advice would be to create these two one-line scripts that would allow you to backup- and restore the secret once this issue is manifested. This happens at least once every couple of days, but once I see the |
Looks like it is not |
There are two attribute-value pairs being created by the use of |
@mshanemc can this be reopened? It is still affecting my pipeline and is EXCEPTIONALLY aggravating when it destroys |
@Zosoled Recently I gave the Ever since I set this environment variable, Kdewallet is not used any more and I haven't experienced the AuthDecryptError since. |
@nasko Thanks, I'll give that a go. It would still be nice if the issue was fixed, but I won't hold my breath. |
Summary
The authentication key/token which is stored by KWallet gets changed automatically for no apparent reason. When this happens, all SFDX CLI commands return this error:
When at this point I execute
sf org list
, I'm getting this output:I can employ several alternative methods to see that the auth token/key has been changed:
$ secret-tool lookup domain sfdx
kwallet-query -f 'Secret Service' -r "'salesforce.com'" kdewallet
Steps To Reproduce:
I haven't yet identified any definitive steps to reproduce this issue. It just happens randomly.
To start clean, I'm performing these steps:
sf org logout
, such thatsf org list
returns no orgs at all.sf org login
kwallet-query -f 'Secret Service' -r "'salesforce.com'" kdewallet
Expected result
SFDX should not swap the existing secret with a newly generated one.
Actual result
At some random point, the 'salesforce.com' secret will get swapped for a newly generated one.
System Information
OS: Linux
Distribution: Arch Linux
Desktop environment: KDE Plasma 5.27
Shell: bash
The gnome-keyring optional dependency is not installed.
The Use KWallet for the Secret Service interface option is checked in KDE Wallet system settings.
sf version --verbose --json
output:sfdx version --verbose --json
output:Additional information
Secret in KWallet Manager:
AuthDecryptError in terminal:
KWallet System settings:
The text was updated successfully, but these errors were encountered: