[ISSUE] Using Acra as proxy/encryptor with rails app fails to encrypt about acra HOT 4 CLOSED

encrypted:
  - column: name
    token_type: str
    tokenized: true

with these settings acra-server will tokenize data instead of encryption. so in your database you should expect replaced data instead of real data that you try to store.

I'm not familiar with chatwoot, so it requires more time to reproduce this case.
Will be much better if you show whole logs from acra-server, not only one error row. And try to start acra-server with -d flag that turns on debug level logs before it.

from acra.

Hi lagovas,

Thanks for the reply, yup my bad, got confused about that. Yes, i was expecting tokenization. But the data was kept as is, and no tokenization was done. I have used the same config on another db with another project, which was a php app. it works fine and tokenization was done as intended. Here are the logs. If you inspect it you can find the error that i mentioned. At the same time, i will also attach the structure of the table i was trying to perform tokenization.

acra.log

from acra.

Hi, my apologies for the delayed response. I tried to deploy chatwoot using docker-compose, added here acra-server with your encryptor config and see that it works as expected. I just extended it with:

acra-server:
    image: cossacklabs/acra-server:current
    restart: always
    environment:
      ACRA_MASTER_KEY: ${ACRA_SERVER_MASTER_KEY:-vcACAvdoLT24yWtjAEB/IVcBjjSx/MxOBveQWMq2V+o=}
    ports:
      - "9393:9393"
    volumes:
      - /tmp/.acrakeys:/keys
      - /tmp/encryptor-config.yaml:/encryptor-config.yml
      - /tmp/acra/tests/ssl:/ssl
      - /tmp/logs:/tmp/logs
    command: >-
      --db_host=postgres
      --client_id=client
      --db_port=5432
      --keys_dir=/keys
      --encryptor_config_file=/encryptor-config.yml
      --tls_auth=4
      --tls_ca=/ssl/ca/ca.crt
      --tls_cert=/ssl/acra-server/acra-server.crt
      --tls_key=/ssl/acra-server/acra-server.key
      --log_to_file=/tmp/logs/log.txt
      -d

with acra-server's container, with pre-generated keys on the host machine for --client_id=client and using SSL certs from Acra repository just because it is already existing self-signed with expected server name acra-server. Additionally, I updated .env file (used .env.example from the chatwoot's repo) with

DATABASE_URL=postgresql://test:test@acra-server:9393/chatwoot?sslmode=disable
#POSTGRES_DATABASE=
#POSTGRES_HOST=localhost
#POSTGRES_PORT=9393
#POSTGRES_USERNAME=test
#POSTGRES_PASSWORD=test

to avoid complications with the SSL and just to test with statically specified client_id.
After initial chatwoot's registration, I found tokenized name value in the database queries directly to PostgreSQL.

So, please try this configuration one more time or provide some environment to reproduce your problem. For example as docker-compose script of deployment or something reproducible.

P.S. I read your log file and found error: time="2022-09-29T08:31:24Z" level=error msg="Column count in RowDescription packet not same as parsed query count of columns". My first thought was that problem with incorrect encryptor_config and table description or inappropriate table's schema in the database. Or issue related to recently fixed problem with quoted columns (RoR wraps identifiers with double quotes like select "inboxes".* from "inboxes" where "inboxes"."channel_type" = $1, but it is works with 0.93.0 without fixes.
P.S.2 I tested with cossacklabs/acra-server:0.93.0 and :current (current master state) images, works both.
P.S.3 Keep in mind that in my example of acra-server's container I used configs and certs from the host machine from the /tmp folder. Use your own or place into the same place.

from acra.

I close it due to looks like works and no answer for a month. Feel free to re-open if it continues not working and steps to reproduce.

from acra.