How to encrypt files in Heroku? - github

I would like to find a way to store encrypted file in my github repository that Heroku can decrypt on-the-fly (it's not env var but plain old .csv files).
I used git-crypt successfully on my machine but it seems that I cannot add a gpg key to heroku.
When I connect to heroku-cli and I try to create a gpg key using heroku run gpg --gen-key I got the following error:
gpg: signing failed: Inappropriate ioctl for device
Anyhow, I'm not even sure git-crypt is the right way to go, so feel free to give me any other alternative solution.

Related

Keyset as registered is invalid exception when Importing a RSA Key Container using aspnet_regiis

I have been trying to import a RSA key container from aspnet_regiis. Steps are as follows.
Run the command prompt as administrator
cd C:\windows\Microsoft.NET\Framework\v2.0.50727
aspnet_regiis -pi myrsakey E:\keyfile.xml
When I followed the above steps I get the error as follows:
Importing RSA Keys from file.. Keyset as registered is invalid.
<Exception from HRESULT: 0x8009001A> Failed!
For this "Keyset as registered is invalid" error almost every web result says to try renaming RSA file in the path C:\Users\myuser\AppData\Roaming\Microsoft\Crypto to RSA.old and reboot. If that does not work try renaming Crypto folder as Crypto.old. Even though I tried these steps, it did not resolve the above issue. I am even running the cmd as administrator. So I was not sure what I am missing in here. Would you be able to help me find a solution or a workaround for this issue?
Thanks in advance
Okay I found the answer.
As I was installing this RSA as a machine level key I should have renamed the RSA to RSA.old in the path C:\ProgramData\Microsoft\Crypto
After the rename I rebooted the system and then did the above-mentioned steps again in the cmd. This time it succeeded.
Previously I was renaming the RSA folder in the wrong place which is in my personal area (C:\Users\myuser\AppData\Roaming\Microsoft\Crypto).

Different team ID issue with code sign in Mac 10.15.1

I am using Mac 10.15.1.
I have installed PostgreSQL database which is signed by its certificate. User can extend the postgresql database by writing the extension so I have written the extension and created ".so" file which is signed by my certificates. I have used below command to sign the library file.
codesign --verbose --verify --deep -f -s '<My_Apple_ID>' --options runtime My_library.so
After loading this new library with installed postgresql database, it gives error of "different Team IDs" as below. This is because installed postgresql is signed with team ID XXX and My_library.so is signed with team ID YYY.
code signature in (My_library.so) not valid for use in process using Library Validation: mapping process and mapped file (non-platform) have different Team IDs
As in my Certificate Team ID is different and installed product have their own team ID.
So how can we resolve this issue?

Heroku Postgresql with Google Datastudio

I'm having troubles to connect an existing heroku database to Google Datastudio. I'm trying to add the connection and I get the following:
Access denied, please check your username and password.
Now, I'm 100% sure that I'm correct on those credentials and the problem comes from somewhere else.
I've tried with different setup, either a free or a paid PSQL instance, nothing works.
I've also setup a dummy account on elephantsql and the connection worked the first time without any issue.
Do you have any idea of the cause of that problem?
Edit:
Just found https://www.en.advertisercommunity.com/t5/Data-Studio/Heroku-Postgres-lt-gt-Google-Data-Studio/m-p/1031729 which is not helpful at the time of writing this post.
Since the February 6, 2018 update, Google DataStudio allows SSL connections with PostgreSQL, which is necessary to connect to a database created via Heroku.
To enable SSL you need to provide client key+cert and server cert, which can be accomplished by taking the following steps:
Generate a self-signed cert + key with openssl for client key + certificate:
openssl req \
-newkey rsa:2048 -nodes -keyout client.key \
-x509 -days 365 -out client.crt
Use the postgres_get_server_cert.py script to get the self-signed server cert from heroku psql:
https://raw.githubusercontent.com/thusoy/postgres-mitm/master/postgres_get_server_cert.py
The problem is that Heroku Postgres requires an SSL connection which doesn't seem possible with Data Studio at the moment. Hopefully Google will add that option soon.
Make sure to run the openssl command on one line to generate the client.key and client.crt in one command. It took me a couple of tries of downloading the certificates (unable to reach host error), but this finally got me connected to Heroku Postgres with GDS.
I thought I would mention that I have used this for quite awhile, but every time my database undergoes maintenance it breaks and I have to manually reconnect the certificates. I developed a better approach - connect the data to Google BigQuery and do your blends there, and then use the BigQuery Community Connector. The charts are more performant this way AND you can now use query parameters on blended data.
Of course, DataStudio won't connect directly to Heroku Postgres for the same reason, so I use a service called Fivetran to grab the raw data and send it to Google BigQuery. There is a cost to this, of course, but for some projects it may be worth it. At some point I will move my database off of Heroku to either AWS or Google itself to allow a direct connection, but that is a larger project.

Unable to use key file Eclipse

I set up public key access to my server via ssh. I have a .ssh folder on my local Windows computer. I configured ssh to add the private key using the ssh-add <directory> command. I am able to successfully connect to my server using Windows PowerShell. The chmod and chown of the .ssh directory and authorized file are configured correctly on my server. sshd_config is configured correctly and points to the correct key.
The connection works perfectly with shell so there is no problem on my server. But with Eclipse, and its plugin in particular, Egit, I keep getting an Unable to use key file <directory of the key file I loaded into eclipse, the same one used by ssh> error every time I try to push my revision commits to my git repository on the server. I went to Pref > General > Network > SSH2 and added the right private key, the ssh2 home directory is set correctly too, in fact the public and private key were both generated using the key management tab and loaded into my server.
My windows permissions on that folder and those keys is set to allow all users to do everything just for good measure.
Now one clue is, the known hosts tab has a host fingerprint that does not match the fingerprint of my key. My key is something like f1:19: etc and the hosts fingerprint is different. I hope I can fix this soon. Any suggestions would be great.
ssh-add -l = two private keys that I am using. So it's not this.
Another clue is, after going into my putty program and changing the private key that it uses, suddenly if I try to connect to ssh with key access in Eclipse, the error it throws reflects the same key that I just changed in putty!! Somehow Eclipse seems to be using putty for public key access. How do I stop this?!
Okay here's the solution. For whatever reason Egit uses putty to connect to ssh using the configuration putty is set to use to access a server with a public key. The way you fix this is to make sure putty is able to connect to the server using a public key. If it can't then try this:
Download puttygen
Generate a rsa key using either ssh shell or the key management tab on eclipse. Do not generate a key using puttygen. For whatever reason it never worked for me.
Load the private key you generated (not generated with puttygen) into puttygen and then save as a putty private key (.ppk)
Go to Eclipse's key management tab and set it to recognize the new .ppk private key file
Finally go to putty, and create your server's profile by assigning the address and then go to auth and load the .ppk file. DISABLE pageant.
Save and attempt to connect to server using the key and if successful then congratulations Egit and Eclipse will now be able to make connections using keys.

GnuPG: "decryption failed: secret key not available" error from gpg on Windows [closed]

Environment: HP laptop with Windows XP SP2
I had created some encrypted files using GnuPG (gpg) for Windows. Yesterday, my hard disk failed so I had to reimage the hard disk. I have now reinstalled gpg and regenerated my keys using the same passphrase as earlier. But, I am now unable to decrypt the files. I get the following error:
C:\sureshr>gpg -a c:\sureshr\work\passwords.gpg
gpg: encrypted with 1024-bit ELG-E key, ID 279AB302, created 2008-07-21
"Suresh Ramaswamy (AAA) BBB"
gpg: decryption failed: secret key not available
C:\sureshr>gpg --list-keys
C:/Documents and Settings/sureshr/Application Data/gnupg\pubring.gpg
--------------------------------------------------------------------
pub 1024D/80059241 2008-07-21
uid Suresh Ramaswamy (AAA) BBB
sub 1024g/279AB302 2008-07-21
AAA = gpg comment
BBB = my email address
I am sure that I am using the correct passphrase. What exactly does this error mean? How do I tell gpg where to find my secret key?
Thanks,
Suresh
You need to import not only your secret key, but also the corresponding public key, or you'll get this error.
When reimporting your keys from the old keyring, you need to specify the command:
gpg --allow-secret-key-import --import <keyring>
otherwise it will only import the public keys, not the private keys.
Yes, your secret key appears to be missing. Without it, you will not be able to decrypt the files.
Do you have the key backed up somewhere?
Re-creating the keys, whether you use the same passphrase or not, will not work. Each key pair is unique.
workmad3 is apparently out of date, at least for current gpg, as the --allow-secret-key-import is now obsolete and does nothing.
What happened to me was that I failed to export properly. Just doing gpg --export is not adequate, as it only exports the public keys. When exporting keys, you have to do
gpg --export-secret-keys >keyfile
One more cause for the "secret key not available" message: GPG version mismatch.
Practical example: I had been using GPG v1.4. Switching packaging systems, the MacPorts supplied gpg was removed, and revealed another gpg binary in the path, this one version 2.0. For decryption, it was unable to locate the secret key and gave this very error.
For encryption, it complained about an unusable public key.
However, gpg -k and -K both listed valid keys, which was the cause of major confusion.
The resolution to this problem for me, was to notify the sender that he did use the Public key that I sent them but rather someone else's. You should see the key that they used. Tell them to use the correct one.
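A diagnostic for the causes discussed in this thread, added here as an example and not code from any of the posters: it takes the recipient key ID from gpg's decryption error and checks it against `gpg --list-keys --with-colons` and `gpg --list-secret-keys --with-colons` output. The sample listings are constructed; only the 8-digit IDs 80059241 and 279AB302 come from the question, and the function names are hypothetical.

```python
import re

# gpg output quoted in the question above.
DECRYPT_OUTPUT = """\
gpg: encrypted with 1024-bit ELG-E key, ID 279AB302, created 2008-07-21
gpg: decryption failed: secret key not available
"""

# Constructed --with-colons listings (field 1 = record type, field 5 = key ID).
# The leading 00000000 / 11111111 halves of the long IDs are made up.
PUBLIC_LISTING = """\
pub:u:1024:17:0000000080059241:2008-07-21:::u:::scESC:
sub:u:1024:16:00000000279AB302:2008-07-21::::::e:
"""
# Secret keyring after *regenerating* keys: new, unrelated key IDs.
SECRET_LISTING = """\
sec:u:1024:17:11111111AAAAAAAA:2008-07-22:::u:::scESC:
ssb:u:1024:16:11111111BBBBBBBB:2008-07-22::::::e:
"""

def recipient_key_ids(gpg_output):
    """Key IDs (short or long) the message was encrypted to."""
    pattern = r"encrypted with .*? key, ID ([0-9A-Fa-f]{8,16})"
    return [m.upper() for m in re.findall(pattern, gpg_output)]

def key_ids(colon_listing, record_types):
    """Collect key IDs of the given record types from a colon listing."""
    ids = set()
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] in record_types and len(fields) > 4 and fields[4]:
            ids.add(fields[4].upper())
    return ids

def diagnose(gpg_output, public_listing, secret_listing):
    """Map each recipient key ID to one of three verdicts."""
    pub = key_ids(public_listing, {"pub", "sub"})
    sec = key_ids(secret_listing, {"sec", "ssb"})
    verdicts = {}
    for rid in recipient_key_ids(gpg_output):
        if any(k.endswith(rid) for k in sec):
            verdicts[rid] = "secret key present"   # look elsewhere, e.g. gpg version
        elif any(k.endswith(rid) for k in pub):
            verdicts[rid] = "public key only"      # restore the secret key from backup
        else:
            verdicts[rid] = "unknown key"          # encrypted to someone else's key
    return verdicts

if __name__ == "__main__":
    print(diagnose(DECRYPT_OUTPUT, PUBLIC_LISTING, SECRET_LISTING))
```

A "public key only" verdict means a backup made with gpg --export-secret-keys is needed; a regenerated key pair has different key IDs and will never match.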