rekey feature doesn't work with multitenancy #3307
Comments
This is a full stack trace for the error. What's unusual is that the
Here's more information about this issue: This error occurs when As I already described, I didn't set the
In acapy 1.0.1, when I use the This is not the key that was used to create the subwallet and as a result askar throws an AEAD decryption error.
And the reason why the subwallet profile has the base wallet key is that, in the acapy/aries_cloudagent/multitenant/single_wallet_askar_manager.py Lines 40 to 90 in 06d1cf8
I think this issue should be split into a couple of different issues. Firstly, the main issue could be solved if There are two things I'd like to see done separately from the main issue. Second, either the PUT Thirdly, POST
A rekey feature was added a few months ago and works for standalone agents. However, in multitenancy mode rekeying the base wallet causes the subwallets to get an "AEAD decryption error" error. I'm not sure of the relation between the base and subwallet keys that would be causing this. I think supporting rekey for multitenancy should be supported and this problem fixed. It can essentially work as a key-rotate feature which is a security feature.
Also, it will help any old multitenant deployments (<0.12.0) that created their base wallets with a blank key to upgrade.