Comments (4)
encrypted:
- column: name
token_type: str
tokenized: true
with these settings acra-server will tokenize data instead of encryption. so in your database you should expect replaced data instead of real data that you try to store.
I'm not familiar with chatwoot, so it requires more time to reproduce this case.
Will be much better if you show whole logs from acra-server, not only one error row. And try to start acra-server with -d
flag that turns on debug level logs before it.
from acra.
Hi lagovas,
Thanks for the reply, yup my bad, got confused about that. Yes, i was expecting tokenization. But the data was kept as is, and no tokenization was done. I have used the same config on another db with another project, which was a php app. it works fine and tokenization was done as intended. Here are the logs. If you inspect it you can find the error that i mentioned. At the same time, i will also attach the structure of the table i was trying to perform tokenization.
from acra.
Hi, my apologies for the delayed response. I tried to deploy chatwoot using docker-compose, added here acra-server with your encryptor config and see that it works as expected. I just extended it with:
acra-server:
image: cossacklabs/acra-server:current
restart: always
environment:
ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-vcACAvdoLT24yWtjAEB/IVcBjjSx/MxOBveQWMq2V+o=}
ports:
- "9393:9393"
volumes:
- /tmp/.acrakeys:/keys
- /tmp/encryptor-config.yaml:/encryptor-config.yml
- /tmp/acra/tests/ssl:/ssl
- /tmp/logs:/tmp/logs
command: >-
--db_host=postgres
--client_id=client
--db_port=5432
--keys_dir=/keys
--encryptor_config_file=/encryptor-config.yml
--tls_auth=4
--tls_ca=/ssl/ca/ca.crt
--tls_cert=/ssl/acra-server/acra-server.crt
--tls_key=/ssl/acra-server/acra-server.key
--log_to_file=/tmp/logs/log.txt
-d
with acra-server's container, with pre-generated keys on the host machine for --client_id=client
and using SSL certs from Acra repository just because it is already existing self-signed with expected server name acra-server
. Additionally, I updated .env file (used .env.example from the chatwoot's repo) with
DATABASE_URL=postgresql://test:test@acra-server:9393/chatwoot?sslmode=disable
#POSTGRES_DATABASE=
#POSTGRES_HOST=localhost
#POSTGRES_PORT=9393
#POSTGRES_USERNAME=test
#POSTGRES_PASSWORD=test
to avoid complications with the SSL and just to test with statically specified client_id
.
After initial chatwoot's registration, I found tokenized name
value in the database queries directly to PostgreSQL.
So, please try this configuration one more time or provide some environment to reproduce your problem. For example as docker-compose script of deployment or something reproducible.
P.S. I read your log file and found error: time="2022-09-29T08:31:24Z" level=error msg="Column count in RowDescription packet not same as parsed query count of columns"
. My first thought was that problem with incorrect encryptor_config and table description or inappropriate table's schema in the database. Or issue related to recently fixed problem with quoted columns (RoR wraps identifiers with double quotes like select "inboxes".* from "inboxes" where "inboxes"."channel_type" = $1
, but it is works with 0.93.0 without fixes.
P.S.2 I tested with cossacklabs/acra-server:0.93.0
and :current
(current master state) images, works both.
P.S.3 Keep in mind that in my example of acra-server's container I used configs and certs from the host machine from the /tmp folder. Use your own or place into the same place.
from acra.
I close it due to looks like works and no answer for a month. Feel free to re-open if it continues not working and steps to reproduce.
from acra.
Related Issues (20)
- [ISSUE] Acra throws errors on tables with columns wrapped with double quotes HOT 3
- [ISSUE] Acra replaces null values by an empty string when using prepared statements HOT 3
- [ISSUE] tls_ocsp_from_cert: ignore doesn't ignore database OCSP, undocumented behaviour HOT 4
- Clarification on replacement of Zones HOT 2
- [ISSUE] Tokenization in MariaDB HOT 2
- Question HOT 2
- [ISSUE] "Error 2006: MySQL server has gone away" while executing mysqli prepared statements HOT 1
- [ISSUE] PAN masking does not meet the PCI SSC requirements HOT 1
- Question about AcraCensor: SQL query without "FROM" HOT 2
- Question about poison records HOT 7
- Online SQL grammar editor/tester
- Ask: How to use Masking? HOT 3
- [ISSUE] Encryption Not working HOT 4
- [ISSUE]Reducing overhead HOT 3
- [ISSUE]Supported MySQL Versions HOT 2
- [Query] acraserver in distributed environment behind load balancer HOT 4
- [ISSUE] Index on encrypted column HOT 1
- [ISSUE]Facing lot of "use of closed network connection" error HOT 2
- What should be the approach to supporting Microsoft SQL Server and Oracle? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acra.