Maven build Error: Fail to decrypt the property x. Please check your secret key

bcoveny · February 7, 2022, 5:15pm

I have been using this for a while and not why all of a sudden I am getting an error on a property when it contains {aes} and the property is not related to sonar running in anyway.

Configuration

Maven 3.8.4 (also tried 3.6.3)
Java 17 (also tried 8 and 11)
Sonar Maven Plugin 3.9.1.2184 (also tried 3.9.0.2155, 3.8.0.2131)

Maven Command

mvn verify sonar:sonar

Maven Output

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  3.570 s
[INFO] Finished at: 2022-02-07T11:53:45-05:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project sonar-secret-issue: Fail to decrypt the property org.example.password. Please check your
 secret key.: The property sonar.secretKeyPath does not link to a valid file: [excluded].sonar\sonar-secret.txt -> [Help 1]
[ERROR]

Maven Output with -e Swtich

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  2.286 s
[INFO] Finished at: 2022-02-07T11:58:30-05:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project sonar-secret-issue: Fail to decrypt the property org.example.password. Please check your
 secret key.: The property sonar.secretKeyPath does not link to a valid file: [excluded].sonar\sonar-secret.txt -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar (default-cli) on project sonar-secret-issue: Fail to decrypt the 
property org.example.password. Please check your secret key.
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:972)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:568)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.apache.maven.plugin.MojoExecutionException: Fail to decrypt the property org.example.password. Please check your secret key.
    at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:67)
    at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:108)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:972)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:568)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: java.lang.IllegalStateException: Fail to decrypt the property org.example.password. Please check your secret key.
    at org.sonar.scanner.bootstrap.ScannerProperties.<init> (ScannerProperties.java:49)
    at org.sonar.scanner.bootstrap.GlobalContainer.doBeforeStart (GlobalContainer.java:78)
    at org.sonar.core.platform.ComponentContainer.startComponents (ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute (ComponentContainer.java:123)
    at org.sonar.batch.bootstrapper.Batch.doExecute (Batch.java:72)
    at org.sonar.batch.bootstrapper.Batch.execute (Batch.java:66)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute (BatchIsolatedLauncher.java:46)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:568)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke (IsolatedLauncherProxy.java:60)
    at jdk.proxy3.$Proxy24.execute (Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute (EmbeddedScanner.java:189)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute (EmbeddedScanner.java:138)
    at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:65)
    at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:108)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:972)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:568)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: java.lang.IllegalStateException: The property sonar.secretKeyPath does not link to a valid file: [excluded]\.sonar\sonar-secret.txt
    at org.sonar.api.config.internal.AesCipher.loadSecretFileFromFile (AesCipher.java:71)
    at org.sonar.api.config.internal.AesCipher.loadSecretFile (AesCipher.java:62)
    at org.sonar.api.config.internal.AesECBCipher.decrypt (AesECBCipher.java:57)
    at org.sonar.api.config.internal.Encryption.decrypt (Encryption.java:86)
    at org.sonar.scanner.bootstrap.ScannerProperties.<init> (ScannerProperties.java:47)
    at org.sonar.scanner.bootstrap.GlobalContainer.doBeforeStart (GlobalContainer.java:78)
    at org.sonar.core.platform.ComponentContainer.startComponents (ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute (ComponentContainer.java:123)
    at org.sonar.batch.bootstrapper.Batch.doExecute (Batch.java:72)
    at org.sonar.batch.bootstrapper.Batch.execute (Batch.java:66)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute (BatchIsolatedLauncher.java:46)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:568)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke (IsolatedLauncherProxy.java:60)
    at jdk.proxy3.$Proxy24.execute (Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute (EmbeddedScanner.java:189)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute (EmbeddedScanner.java:138)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:568)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[ERROR]

Steps to Reproduce

Create project with pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.example</groupId>
    <artifactId>sonar-secret-issue</artifactId>
    <version>1.0-SNAPSHOT</version>

    <name>sonar-secret-issue</name>

    <properties>
        <maven.compiler.source>17</maven.compiler.source>
        <maven.compiler.target>17</maven.compiler.target>
        <org.example.password>{aes}something-would-be-here-but-not-for-sonar</org.example.password>

        <sonar.host.url>http://localhost:9000/</sonar.host.url>
        <sonar.language>java</sonar.language>
        <sonar.projectKey>${project.name}</sonar.projectKey>
    </properties>
</project>

Run maven command mvn verify sonar:sonar

Potential Workaround
Using sonar-project.properties and the manual sonar-scanner command line utility it run and works properly. Not very ideal in a CI/CD environment and would expect the same results from the maven plugin.

Potential Workaround 2
I am not sure if I read all the code properly, however, potentially this line sonarqube/ScannerProperties.java at ca4aa60e6e087819e2c1445ef49b8c5ab8e82b76 · SonarSource/sonarqube · GitHub could change to only look for “sonar.” properties or provide an override to not test encryption.

Expectation
I would expect that SonarSource Scanner would disregard any properties that are not related to Sonar directly or that don’t start with sonar.

I am sure I have used this previously and not sure why all of sudden this behavior would be encountered. I am willing to do additional steps to capture more information if necessary.

Bruce

ganncamp · February 7, 2022, 8:29pm

Hi Bruce,

Welcome to the community!

This error is about a server-side change. It looks like your SonarQube admin is experimenting with encryption on the server side, and has configured a bad path to the key file. (Docs reference.)

Why would this suddenly affect a previously-working analysis? Because sometimes sensitive values are needed during analysis, so the ability to decrypt is required.

To sort this out, you’ll need to ping the SonarQube admin.

HTH,
Ann

bcoveny · February 7, 2022, 9:12pm

Hello G Ann,

In this case I am the SonarQube admin! I am running it locally with Docker and have not made any encryption settings in SonarQube.

From what I see Sonar is picking up any “potentially” encrypted property even if the property is not in correlation to running anything related to sonar.

So if I reading what you saying if we had any property unrelated to Sonar it has to go through sonar and have a valid decryption through Sonar even if it is necessary for a different plugin?

Seems just odd because it has the term “{aes}” that Sonar must be able to decrypt it. If the property name began with sonar and had “{aes}” in the value then I would expect that Sonar should be able to decrypt it. I wouldn’t want Sonar to be able to decrypt all my potential properties.

I even just went through and did a fresh clean install of SonarQube and only changed default admin password and created login token. I still receive the same issue.

I also recently updated from 9.2.4 to 9.3 so I even went back and tried 9.2.4 again but get the same error.

I also want to point out from my original post if I use the sonnar-scanner from command line I receive no such error and the results are posted to SonarQube with no issues.

Thanks
Bruce

pbq · February 8, 2022, 9:22am

Hi, i’m experiencing the exact same issue with some non-related passwords.
I’m running a sonarqube 9.1 server and have the same behaviour with a sonarqube 6.7.4 (so old).

I tried with different versions of sonar-maven-plugin (3.8 to 3.9) but got the issue.

Pierre

Topic		Replies	Views
Get encryption error on env value - "Fail to decrypt the property" on unrelated Sonar propertie SonarQube Server / Community Build java , sonarqube , maven , plugin	3	81	October 17, 2024
Sonar-maven-plugin 3.10.0.2594 breaks compatibility with maven encrypted secret (sonar.login) SonarQube Server / Community Build maven	11	1027	March 15, 2024
Suddenly failing to analyse all projects - Tag mismatch! SonarQube Server / Community Build sonarqube , background_task , encryption	2	826	July 7, 2023
Error in Travis Log: "You're not authorized to run analysis. Please contact the project administrator" and Travis CI org not sending Jacoco reports to SonarCloud SonarQube Cloud iam , sonarqube-cloud	46	5432	July 31, 2020
Access to the secured property 'checkmarx.server.credentials.secured' is not possible in issues mode. The SonarQube plugin which requires this property must be deactivated in issues mode SonarQube Server / Community Build	5	841	August 1, 2018

Maven build Error: Fail to decrypt the property x. Please check your secret key

Related topics