Adobe Experience Manager Sites & More

MohanJo · 4/4/24

When directly hardcoding the privateKey value into the OSGi configuration, it functions correctly. However, when attempting to use an environment variable in Adobe Cloud Manager to store and reference the same privateKey value, the application fails with an error message.

Below value works in OSGI - Notice "\r\n\" characters for new line

{

privateKey: "-----BEGIN RSA PRIVATE KEY----\r\n\BsdfdsfjdsewedXAfah1g74bNyrxY31ewqewZ3caLDngewqedwFp01RvhewjewD\r\nKOlwvUreUK6dBbnOvrewqeWw5yMFewoYFaPeksMFSRXC7Sreewed3w6WoewqeO+R4KDSHU/Yi9P\r\nPHvH6bfVwew957eqwegrUvuIb/CBYUGg4S3R6I/zNAJeewemeSJr344XAGxewqe6hIkZA/i/boW013\r\nLl1dXMyNqxwt6SZBcmeX/6FJUi6Fcebhba5aLnWkLF1036MfMsh\r\ncoXqs1kXtgfj0XJlIcH+T7rP0xJjIdTIjaPoQVeG+sKzWhRoRHjSaQehwendshadsadhsadsadj==\r\n-----END RSA PRIVATE KEY-----\r\n"

}

Now, when i store the above value in the variable(pvtKey) in the AEM cloud manager, and reference in OSGI config, it doesn't work. I have replaced \r\n\ with space.Getting following error. I have verified multiple times to ensure value is same.

{

privateKey: "$[env.pvtKey]"

}

The error is java.io.IOException: -----END RSA PRIVATE KEY not found

kapil_rajoria · 4/5/24

Hi @MohanJo,
The issue you're facing is caused by how environment variables handle newlines. When you directly hardcoded the private key in the OSGi configuration, the \r\n characters were preserved, which is the correct format for a PEM encoded private key.

However, replacing the \r\n with spaces in the environment variable disrupts the format. The error message "java.io.IOException: -----END RSA PRIVATE KEY not found" indicates that the code cannot find the ending delimiter for the private key because the newlines are missing.

Don't replace the \r\n characters with spaces. Update your logic to store the private key value in the environment variable pvtKey while preserving the newlines. You can achieve this using escaping or raw string literals depending on your programming language.

If still the above solution doesn't work, the double quotes might treat the entire string as a literal. The env.pvtKey part wouldn't be interpreted as an environment variable reference.
Above solution shall work fine if OSGi configuration format allows plain string substitution.
Ensure your environment variable pvtKey is set correctly with the private key value, preserving the \r\n characters.

MohanJo · 4/5/24

HI @kapil_rajoria can you please share an example with an osgi value and corresponding environment variable value. May be you can format my private key to make it compatible with environment variable. Just an fyi, I m reading that osgi config in java servlet where it's throwing an exception. I have pasted the osgi and enviornment value below.

Private key in OSGI- it works

-----BEGIN RSA PRIVATE KEY-----\r\nMIIEpAIBAAKCAQEAyp/uARcq+PQddXAfah1g74bNyrxY31wZ3caLDngdwFp01RvD\r\nKOlwvUreUK6dBbnOvrWw5yMFewoYFaPeksMFSRXC7Sred3w6WoO+R4KDSHU/Yi9P\r\nPHvH6bfV957grUvuIb/CBYUGg4S3R6I/zNAJemeSJr344XAGx6hIkZA/i/boW013\r\nLl1dXMyNqxwt6SZBcmeX/6FJUi6Fcebhba5aLoK5ROfgDQY64edwaP7HvURrFD7B\r\nHD82xVZJADiIKGc+vv+7DusO72kFNUgA8sMYG9jcfred2VWhweTMJWY3PITb3Xux\r\nXUwHlkIScNrl6BD96sllTLKGMIqfpVUFYiMtKQIDAQABAoIBAQCAXFJdNH0Pmy3y\r\nUKZGBfh7pO1HiovOa70jJny/HM7UJTmwK1c12rSF5iDyAbwNfYkAfX9k3WXCbUGW\r\nq+n7FTqK8xM6RZcLIJKi9qSbDo32X/hYTdonWc7qO4B7zpVMkzZ3ANB7yKq4tGGb\r\nKqi6KexnM6d9jYlV3y8cWnomZLgtBIvL1IhdPrxaLCWik6Xk453NpFCbMX/xtoGG\r\n3aIyanDz1UgvvKP00a4+vIU9i4lsQ58F9ttxNrxSKrj3G72r5W9nF0kbp282NMQC\r\nNUK+n+5e6xqPfEoFe4zQTsiULdmHk1R2LJ8n981eRqufXzQk8Q6MKUsK1AwIv7dr\r\nSsE3/F9RAoGBAOiFT93N4xdLJ/HXr3AX1iE60ltcWNmHCkcagBxHsTMC+K47hkHJ\r\njJtRdBDYRHFct/HLBMYvmI+YG9+7DfzVLWIjrVUw6vEI6p83irxInVuoruWm4nt0\r\nkH7XjktjW/U+GnCF+k+IzdKSLuXEs/slq+0ugx0V7GlItRnBezWM3irNAoGBAN8V\r\nzVROFu1c/xX14ri+6Pln4bU53zqgr1NgxeOEMP1TLH18hdvK8QMKSGuIjyGjqStU\r\neWo90J3V5ySJg3resPpBqWz7uV+XL1QcCC5ZnQOe14z6oQojLV3860MScap4bRhd\r\n9GW0dcnJPlHV6QYypGHuETJK5LqLYWBbTOZdpIPNAoGBALRLkqc5WyoXs6x6AuYX\r\nBYmUs8H1tEtPw69opAfJq2QTnMJ1E2B1qNpSaX4aQ8/nBhatxlDqXRCS8KIlx+3R\r\nWrRrV57kJHir4kl85s2iPKny/VLDeYAi3VwNRp+8NnTOJ/AyYupC+N2bTlQJl0lZ\r\nZ5us4iuucTceEpcbCK94QFjNAoGAGIvCkvMgrK9d1eG/N4qyAbc/a3xZpo7Fm8v7\r\nGiSSa106ePg5lkyHJkl8XHCjJxVl6MGbtmfky2kczLVgxSU5nd+Zr8cmx3DQIVYQ\r\nRGFR2HMizn1JON9T/5JzpGakIRitEFBOMt6fUzuUYtbBlBAAbFIQjFMXRbtOVJbX\r\nKEXHc0UCgYAp2rrSU+8eyh7PBtYW0wEO8VJVLy1G0rYRJDynkIHGAuUWe6wijB8C\r\nI+tGtoPUkbf3J+w7N0X6OvkH1vPHC8BhY6x/VVMhpfJduMDm3MnWkLF1036MfMsh\r\ncoXqs1kXtgfj0XJlIcH+T7rP0xJjIdTIjaPoQVeG+sKzWhRoRHjSaQ==\r\n-----END RSA PRIVATE KEY-----\r\n


Environment variable - Tried below shown formatted value, but no luck

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAyp/uARcq+PQddXAfah1g74bNyrxY31wZ3caLDngdwFp01RvD
KOlwvUreUK6dBbnOvrWw5yMFewoYFaPeksMFSRXC7Sred3w6WoO+R4KDSHU/Yi9P
PHvH6bfV957grUvuIb/CBYUGg4S3R6I/zNAJemeSJr344XAGx6hIkZA/i/boW013
Ll1dXMyNqxwt6SZBcmeX/6FJUi6Fcebhba5aLoK5ROfgDQY64edwaP7HvURrFD7B
HD82xVZJADiIKGc+vv+7DusO72kFNUgA8sMYG9jcfred2VWhweTMJWY3PITb3Xux
XUwHlkIScNrl6BD96sllTLKGMIqfpVUFYiMtKQIDAQABAoIBAQCAXFJdNH0Pmy3y
UKZGBfh7pO1HiovOa70jJny/HM7UJTmwK1c12rSF5iDyAbwNfYkAfX9k3WXCbUGW
q+n7FTqK8xM6RZcLIJKi9qSbDo32X/hYTdonWc7qO4B7zpVMkzZ3ANB7yKq4tGGb
Kqi6KexnM6d9jYlV3y8cWnomZLgtBIvL1IhdPrxaLCWik6Xk453NpFCbMX/xtoGG
3aIyanDz1UgvvKP00a4+vIU9i4lsQ58F9ttxNrxSKrj3G72r5W9nF0kbp282NMQC
NUK+n+5e6xqPfEoFe4zQTsiULdmHk1R2LJ8n981eRqufXzQk8Q6MKUsK1AwIv7dr
SsE3/F9RAoGBAOiFT93N4xdLJ/HXr3AX1iE60ltcWNmHCkcagBxHsTMC+K47hkHJ
jJtRdBDYRHFct/HLBMYvmI+YG9+7DfzVLWIjrVUw6vEI6p83irxInVuoruWm4nt0
kH7XjktjW/U+GnCF+k+IzdKSLuXEs/slq+0ugx0V7GlItRnBezWM3irNAoGBAN8V
zVROFu1c/xX14ri+6Pln4bU53zqgr1NgxeOEMP1TLH18hdvK8QMKSGuIjyGjqStU
eWo90J3V5ySJg3resPpBqWz7uV+XL1QcCC5ZnQOe14z6oQojLV3860MScap4bRhd
9GW0dcnJPlHV6QYypGHuETJK5LqLYWBbTOZdpIPNAoGBALRLkqc5WyoXs6x6AuYX
BYmUs8H1tEtPw69opAfJq2QTnMJ1E2B1qNpSaX4aQ8/nBhatxlDqXRCS8KIlx+3R
WrRrV57kJHir4kl85s2iPKny/VLDeYAi3VwNRp+8NnTOJ/AyYupC+N2bTlQJl0lZ
Z5us4iuucTceEpcbCK94QFjNAoGAGIvCkvMgrK9d1eG/N4qyAbc/a3xZpo7Fm8v7
GiSSa106ePg5lkyHJkl8XHCjJxVl6MGbtmfky2kczLVgxSU5nd+Zr8cmx3DQIVYQ
RGFR2HMizn1JON9T/5JzpGakIRitEFBOMt6fUzuUYtbBlBAAbFIQjFMXRbtOVJbX
KEXHc0UCgYAp2rrSU+8eyh7PBtYW0wEO8VJVLy1G0rYRJDynkIHGAuUWe6wijB8C
I+tGtoPUkbf3J+w7N0X6OvkH1vPHC8BhY6x/VVMhpfJduMDm3MnWkLF1036MfMsh
coXqs1kXtgfj0XJlIcH+T7rP0xJjIdTIjaPoQVeG+sKzWhRoRHjSaQ==
-----END RSA PRIVATE KEY-----

kapil_rajoria · 4/5/24

Hi, check the below link:
https://medium.com/@toimrank/aem-as-a-cloud-service-osgi-configuration-secret-and-environment-variab...
Make sure you have made all the files. Please share the value of your_service.getPvtKey() method by using the debugger/loggers. Also, you can try breaking the string in several parts and see what part is causing problem.

MohanJo · 4/8/24

As a solution hasn't been found yet, I've raised a ticket with Adobe. I'll update here once I receive a resolution. Until then, I'll keep this ticket open.

arunpatidar · 4/8/24

Hi @MohanJo

Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.

Arun Patidar

MohanJo · 4/12/24

As a solution hasn't been found yet, I've raised a ticket with Adobe. I'll update here once I receive a resolution. Until then, I'll keep this ticket open.

If a question lacks a definitive answer, it should be left open. It's inappropriate to label it as "correctly answered" merely because there's a single reply. My goal is to ensure that questions aren't marked as "answered" just for the sake of it. Ideally, the correct answer should be identified and appropriately acknowledged by the individual who posed the question.

I've observed this pattern in numerous questions where they're marked as "correctly answered" despite lacking the accurate solution."

aanchal-sikka · 4/14/24

@MohanJo

Please bring the entire key in a single line. Remove all \r\n.

The Private Key should work now. Something like this

-----BEGIN RSA PRIVATE KEY----BsdfdsfjdsewedXAfah1g74bNyrxY31ewqewZ3caLDngewqedwFp01RvhewjewDKOlwvUreUK6dBbnOvrewqeWw5yMFewoYFaPeksMFSRXC7Sreewed3w6WoewqeO+R4KDSHU/Yi9PPHvH6bfVwew957eqwegrUvuIb/CBYUGg4S3R6I/zNAJeewemeSJr344XAGxewqe6hIkZA/i/boW013Ll1dXMyNqxwt6SZBcmeX/6FJUi6Fcebhba5aLnWkLF1036MfMshcoXqs1kXtgfj0XJlIcH+T7rP0xJjIdTIjaPoQVeG+sKzWhRoRHjSaQehwendshadsadhsadsadj==-----END RSA PRIVATE KEY-----

Aanchal Sikka

MohanJo · 4/14/24

@aanchal-sikka I've observed that your suggestion involves removing all line breaks and condensing the content into a single line without any spaces. I'm unsure whether this approach will be effective. Given that we're modifying the private key, there's a concern that the server may not be able to decrypt it correctly. Have you tested this approach before to ensure its compatibility and functionality?

aanchal-sikka · 4/14/24

@MohanJo

Yes, We have used the similar approach with AEM & Adobe IO integration.

Aanchal Sikka

MohanJo · 4/20/24

@aanchal-sikka Did you convert it to base64 before storing it in the environment variable? If yes, did you come across a char limit of 2048 chars?

Adobe Experience Manager Sites & More

Environment variable referenced in OSGI config doesn't work for multiline RSA PRIVATE KEY

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe