Ruby Console Script to Find Fields that Cannot Be Decrypted

Tim Downey edited this page May 22, 2019 · 2 revisions

This script helps find resources that cannot be decrypted with the Cloud Controller's configured set of encryption keys.

Starting the Ruby Console

Start the console with the script at /var/vcap/jobs/cloud_controller_ng/bin/console

Running the Script

Run the following in the Ruby console:

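# Walk every model class that declares encrypted fields.
Encryptor.encrypted_classes.each do |class_name|
  klass = class_name.constantize
  # Iterate over every record of that model.
  klass.all do |model_instance|
    # Only the first encrypted field declared on the class is checked.
    encrypted_field = klass.all_encrypted_fields.first[:field_name]
    begin
      # Reading the field forces a decryption attempt; failures raise.
      model_instance.send(encrypted_field)
    rescue => e
      puts "#{e} occurred"
      puts "failed to decrypt #{encrypted_field} for #{klass} with guid #{model_instance.guid}"
    end
  end
end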

Example output from a test environment with an incorrect database encryption key:

bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid bc759474-25a3-4d60-b40a-b1e7f1afe22b
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 19a2947d-c0fb-43ae-9d1c-b790cdf0d34e
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 1b9a192c-3433-4128-aab3-58c1a5619cc5
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 5affdabc-594a-495d-897e-e834a0722418
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 80160949-0aad-4646-b5d4-61ca6164d51d
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid c0b85a68-ebb5-4639-95a2-c678b5c1e7e4
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 2730d6ab-df2c-4656-a5ff-c30408f408f1
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 9675c94e-8b39-47cc-9520-ed61b7b4c43a
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid f074fdac-c767-402f-8a4f-d1176eca34b5
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 7c656a07-56b0-4be4-af6a-8bb75618b35b
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 876ce6fd-b3f4-4ec4-a03b-0b210a201ef9
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 76471509-fa76-4c8f-8672-a6206e50b9bd
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid b689ca11-510f-4e39-93d4-36a9396ddbb7
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 4c368fc9-8e85-45f1-9de0-6c8de0a12d65
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 9c2f7d9f-61e9-4ed0-ad5e-956340317487
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 10464820-cb24-415c-8485-f758129fb594
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 4ca769b7-fe24-4129-b4c9-8f4ae7b24a0a
bad decrypt occurred
failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 18e4aa67-7d8c-4b8d-ac15-c138e9160e2c
bad decrypt occurred
failed to decrypt buildpack_url for VCAP::CloudController::BuildpackLifecycleDataModel with guid b6611d59-98c0-4b83-ada1-4d8b3b1df88f
bad decrypt occurred
failed to decrypt buildpack_url for VCAP::CloudController::BuildpackLifecycleDataModel with guid dbb084f9-0a5c-4609-afb4-d7572ddce012
bad decrypt occurred
failed to decrypt buildpack_url for VCAP::CloudController::BuildpackLifecycleBuildpackModel with guid 129503f8-202c-4004-aea2-e9b7c6313f47
bad decrypt occurred
failed to decrypt buildpack_url for VCAP::CloudController::BuildpackLifecycleBuildpackModel with guid 8c9e75e4-656e-4119-b68f-3e84f535e6c4
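
To triage a long run of this output, the lines can be grouped by model and field. The Ruby below is an added example, not part of the original wiki page or the Cloud Controller code base; the function names are hypothetical and the sample lines (with placeholder GUIDs) are constructed to match the format shown above.

```ruby
# Added example: summarizes the text printed by the console script above.
# Every line pair has the form "<error> occurred" / "failed to decrypt ...".
FAILURE_LINE = /\Afailed to decrypt (?<field>\S+) for (?<model>\S+) with guid (?<guid>\S+)\z/
ERROR_LINE   = /\A(?<error>.+) occurred\z/

# Constructed sample input; GUIDs are placeholders, not real records.
SAMPLE_OUTPUT = <<~OUT
  bad decrypt occurred
  failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 00000000-0000-0000-0000-000000000001
  bad decrypt occurred
  failed to decrypt environment_variables for VCAP::CloudController::AppModel with guid 00000000-0000-0000-0000-000000000002
  some unrelated console line
  bad decrypt occurred
  failed to decrypt buildpack_url for VCAP::CloudController::BuildpackLifecycleDataModel with guid 00000000-0000-0000-0000-000000000003
OUT

# Returns { [model, field] => { guids: [...], errors: { message => count } } }.
def summarize_decrypt_failures(output)
  summary = Hash.new { |h, k| h[k] = { guids: [], errors: Hash.new(0) } }
  pending_error = nil
  output.each_line do |raw|
    line = raw.strip
    if (m = FAILURE_LINE.match(line))
      entry = summary[[m[:model], m[:field]]]
      entry[:guids] << m[:guid]
      # A failure line with no preceding "occurred" line is counted as unknown.
      entry[:errors][pending_error || 'unknown'] += 1
      pending_error = nil
    elsif (m = ERROR_LINE.match(line))
      pending_error = m[:error]
    else
      pending_error = nil # unrelated console text breaks the pairing
    end
  end
  summary
end

# One line per affected model/field, for pasting into an incident note.
def report(summary)
  summary.map do |(model, field), entry|
    "#{model}##{field}: #{entry[:guids].size} record(s), errors: #{entry[:errors].keys.join(', ')}"
  end
end

puts report(summarize_decrypt_failures(SAMPLE_OUTPUT)) if $PROGRAM_NAME == __FILE__
```

A summary in which every record of every model fails with the same error points at the configured key set rather than at individual corrupted rows.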