@salesforce/core
Comparing version 6.6.0 to 6.7.0
@@ -24,2 +24,3 @@ import { AsyncOptionalCreatable } from '@salesforce/kit'; | ||
constructor(options?: CryptoOptions); | ||
private static unsetCryptoVersion; | ||
/** | ||
@@ -49,2 +50,3 @@ * Encrypts text. Returns the encrypted string or undefined if no string was passed. | ||
close(): void; | ||
isV2Crypto(): boolean; | ||
/** | ||
@@ -54,4 +56,8 @@ * Initialize async components. | ||
protected init(): Promise<void>; | ||
private encryptV1; | ||
private encryptV2; | ||
private decryptV1; | ||
private decryptV2; | ||
private getKeyChain; | ||
} | ||
export {}; |
@@ -40,9 +40,22 @@ "use strict"; | ||
const logger_1 = require("../logger/logger"); | ||
const lifecycleEvents_1 = require("../lifecycleEvents"); | ||
const messages_1 = require("../messages"); | ||
const cache_1 = require("../util/cache"); | ||
const global_1 = require("../global"); | ||
const sfError_1 = require("../sfError"); | ||
const keyChain_1 = require("./keyChain"); | ||
const secureBuffer_1 = require("./secureBuffer"); | ||
const TAG_DELIMITER = ':'; | ||
const BYTE_COUNT_FOR_IV = 6; | ||
const IV_BYTES = { | ||
v1: 6, | ||
v2: 12, | ||
}; | ||
const ENCODING = { | ||
v1: 'utf8', | ||
v2: 'hex', | ||
}; | ||
const KEY_SIZE = { | ||
v1: 16, | ||
v2: 32, | ||
}; | ||
const ALGO = 'aes-256-gcm'; | ||
@@ -53,7 +66,67 @@ const AUTH_TAG_LENGTH = 32; | ||
const ACCOUNT = 'local'; | ||
let cryptoLogger; | ||
const getCryptoLogger = () => { | ||
cryptoLogger ??= logger_1.Logger.childFromRoot('crypto'); | ||
return cryptoLogger; | ||
}; | ||
const getCryptoV2EnvVar = () => { | ||
let sfCryptoV2 = process.env.SF_CRYPTO_V2?.toLowerCase(); | ||
if (sfCryptoV2 !== undefined) { | ||
getCryptoLogger().debug(`SF_CRYPTO_V2=${sfCryptoV2}`); | ||
// normalize all values that aren't "true" to be "false" | ||
if (sfCryptoV2 !== 'true') { | ||
sfCryptoV2 = 'false'; | ||
} | ||
} | ||
return sfCryptoV2; | ||
}; | ||
let cryptoVersion; | ||
const getCryptoVersion = () => { | ||
if (!cryptoVersion) { | ||
// This only happens when generating a new key, so use the env var | ||
// and (for now) default to 'v1'. | ||
cryptoVersion = getCryptoV2EnvVar() === 'true' ? 'v2' : 'v1'; | ||
} | ||
return cryptoVersion; | ||
}; | ||
// Detect the crypto version based on the password (key) length. | ||
// This happens once per process. | ||
const detectCryptoVersion = (pwd) => { | ||
if (!cryptoVersion) { | ||
// check the env var to see if it's set | ||
const sfCryptoV2 = getCryptoV2EnvVar(); | ||
// Password length of 64 is v2 crypto and uses hex encoding. | ||
// Password length of 32 is v1 crypto and uses utf8 encoding. | ||
if (pwd?.length === KEY_SIZE.v2 * 2) { | ||
cryptoVersion = 'v2'; | ||
getCryptoLogger().debug('Using v2 crypto'); | ||
if (sfCryptoV2 === 'false') { | ||
getCryptoLogger().warn(messages.getMessage('v1CryptoWithV2KeyWarning')); | ||
} | ||
} | ||
else if (pwd?.length === KEY_SIZE.v1 * 2) { | ||
cryptoVersion = 'v1'; | ||
getCryptoLogger().debug('Using v1 crypto'); | ||
if (sfCryptoV2 === 'true') { | ||
getCryptoLogger().warn(messages.getMessage('v2CryptoWithV1KeyWarning')); | ||
} | ||
} | ||
else { | ||
getCryptoLogger().debug("crypto key doesn't match v1 or v2. using SF_CRYPTO_V2."); | ||
getCryptoVersion(); | ||
} | ||
void lifecycleEvents_1.Lifecycle.getInstance().emitTelemetry({ | ||
eventName: 'crypto_version', | ||
library: 'sfdx-core', | ||
function: 'detectCryptoVersion', | ||
cryptoVersion, // 'v1' or 'v2' | ||
cryptoEnvVar: sfCryptoV2, // 'true' or 'false' or 'undefined' | ||
}); | ||
} | ||
}; | ||
; | ||
const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. 
To fix the problem, sync your credentials by authenticating into your org again using the auth commands."]])); | ||
const makeSecureBuffer = (password) => { | ||
const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. 
To fix the problem, sync your credentials by authenticating into your org again using the auth commands."], ["v1CryptoWithV2KeyWarning", "The SF_CRYPTO_V2 environment variable was set to \"false\" but a v2 crypto key was detected. v1 crypto can only be used with a v1 key. Unset the SF_CRYPTO_V2 environment variable."], ["v2CryptoWithV1KeyWarning", "SF_CRYPTO_V2 was set to \"true\" but a v1 crypto key was detected. v2 crypto can only be used with a v2 key. To generate a v2 key:\n\n1. Logout of all orgs: `sf org logout --all`\n2. Delete the sfdx keychain entry (account: local, service: sfdx). If `SF_USE_GENERIC_UNIX_KEYCHAIN=true` env var is set, you can delete the `key.json` file.\n3. Set `SF_CRYPTO_V2=true` env var.\n4. Re-Authenticate with your orgs using the CLI org login commands."]])); | ||
const makeSecureBuffer = (password, encoding) => { | ||
const newSb = new secureBuffer_1.SecureBuffer(); | ||
newSb.consume(Buffer.from((0, ts_types_1.ensure)(password), 'utf8')); | ||
newSb.consume(Buffer.from(password, encoding)); | ||
return newSb; | ||
@@ -79,10 +152,15 @@ }; | ||
return reject(err); | ||
cache_1.Cache.set(cacheKey, makeSecureBuffer(password)); | ||
return resolve({ username: account, password: (0, ts_types_1.ensure)(password) }); | ||
const pwd = (0, ts_types_1.ensure)(password, 'Expected the keychain password to be set'); | ||
detectCryptoVersion(pwd); | ||
cache_1.Cache.set(cacheKey, makeSecureBuffer(pwd, ENCODING[getCryptoVersion()])); | ||
return resolve({ username: account, password: pwd }); | ||
})); | ||
} | ||
else { | ||
const pw = sb.value((buffer) => buffer.toString('utf8')); | ||
cache_1.Cache.set(cacheKey, makeSecureBuffer(pw)); | ||
return new Promise((resolve) => resolve({ username: account, password: (0, ts_types_1.ensure)(pw) })); | ||
// If the password is cached, we know the crypto version and encoding because it was | ||
// detected by the non-cache code path just above this. | ||
const encoding = ENCODING[getCryptoVersion()]; | ||
const pwd = (0, ts_types_1.ensure)(sb.value((buffer) => buffer.toString(encoding)), 'Expected the keychain password to be set'); | ||
cache_1.Cache.set(cacheKey, makeSecureBuffer(pwd, encoding)); | ||
return new Promise((resolve) => resolve({ username: account, password: pwd })); | ||
} | ||
@@ -122,2 +200,7 @@ }, | ||
} | ||
// @ts-expect-error only for test access | ||
// eslint-disable-next-line class-methods-use-this | ||
static unsetCryptoVersion() { | ||
cryptoVersion = undefined; | ||
} | ||
encrypt(text) { | ||
@@ -130,10 +213,9 @@ if (text == null) { | ||
} | ||
const iv = crypto.randomBytes(BYTE_COUNT_FOR_IV).toString('hex'); | ||
return this.key.value((buffer) => { | ||
const cipher = crypto.createCipheriv(ALGO, buffer.toString('utf8'), iv); | ||
let encrypted = cipher.update(text, 'utf8', 'hex'); | ||
encrypted += cipher.final('hex'); | ||
const tag = cipher.getAuthTag().toString('hex'); | ||
return `${iv}${encrypted}${TAG_DELIMITER}${tag}`; | ||
}); | ||
// When everything is v2, we can remove the else | ||
if (this.isV2Crypto()) { | ||
return this.encryptV2(text); | ||
} | ||
else { | ||
return this.encryptV1(text); | ||
} | ||
} | ||
@@ -148,23 +230,9 @@ decrypt(text) { | ||
} | ||
const tag = tokens[1]; | ||
const iv = tokens[0].substring(0, BYTE_COUNT_FOR_IV * 2); | ||
const secret = tokens[0].substring(BYTE_COUNT_FOR_IV * 2, tokens[0].length); | ||
return this.key.value((buffer) => { | ||
const decipher = crypto.createDecipheriv(ALGO, buffer.toString('utf8'), iv); | ||
let dec; | ||
try { | ||
decipher.setAuthTag(Buffer.from(tag, 'hex')); | ||
dec = decipher.update(secret, 'hex', 'utf8'); | ||
dec += decipher.final('utf8'); | ||
} | ||
catch (err) { | ||
const error = messages.createError('authDecryptError', [err.message], [], err); | ||
const useGenericUnixKeychain = kit_1.env.getBoolean('SF_USE_GENERIC_UNIX_KEYCHAIN') || kit_1.env.getBoolean('USE_GENERIC_UNIX_KEYCHAIN'); | ||
if (os.platform() === 'darwin' && !useGenericUnixKeychain) { | ||
error.actions = [messages.getMessage('macKeychainOutOfSync')]; | ||
} | ||
throw error; | ||
} | ||
return dec; | ||
}); | ||
// When everything is v2, we can remove the else | ||
if (this.isV2Crypto()) { | ||
return this.decryptV2(tokens); | ||
} | ||
else { | ||
return this.decryptV1(tokens); | ||
} | ||
} | ||
@@ -190,3 +258,3 @@ /** | ||
return (tag.length === AUTH_TAG_LENGTH && | ||
value.length >= BYTE_COUNT_FOR_IV && | ||
value.length >= IV_BYTES[getCryptoVersion()] && | ||
ENCRYPTED_CHARS.test(tag) && | ||
@@ -203,2 +271,6 @@ ENCRYPTED_CHARS.test(tokens[0])); | ||
} | ||
// eslint-disable-next-line class-methods-use-this | ||
isV2Crypto() { | ||
return getCryptoVersion() === 'v2'; | ||
} | ||
/** | ||
@@ -208,11 +280,11 @@ * Initialize async components. | ||
async init() { | ||
const logger = await logger_1.Logger.child('crypto'); | ||
if (!this.options.platform) { | ||
this.options.platform = os.platform(); | ||
} | ||
logger.debug(`retryStatus: ${this.options.retryStatus}`); | ||
this.noResetOnClose = !!this.options.noResetOnClose; | ||
try { | ||
this.key.consume(Buffer.from((await keychainPromises.getPassword(await this.getKeyChain(this.options.platform), KEY_NAME, ACCOUNT)) | ||
.password, 'utf8')); | ||
const keyChain = await this.getKeyChain(this.options.platform); | ||
const pwd = (await keychainPromises.getPassword(keyChain, KEY_NAME, ACCOUNT)).password; | ||
// The above line ensures the crypto version is detected and set so we can rely on it now. | ||
this.key.consume(Buffer.from(pwd, ENCODING[getCryptoVersion()])); | ||
} | ||
@@ -224,10 +296,12 @@ catch (err) { | ||
if (this.options.retryStatus === 'KEY_SET') { | ||
logger.debug('a key was set but the retry to get the password failed.'); | ||
getCryptoLogger().debug('a key was set but the retry to get the password failed.'); | ||
throw err; | ||
} | ||
else { | ||
logger.debug('password not found in keychain attempting to created one and re-init.'); | ||
getCryptoLogger().debug(`password not found in keychain. Creating new one (Crypto ${getCryptoVersion()}) and re-init.`); | ||
} | ||
const key = crypto.randomBytes(Math.ceil(16)).toString('hex'); | ||
// Create a new password in the KeyChain. | ||
// 2/6/2024: This generates a new key using the crypto version based on the SF_CRYPTO_V2 env var. | ||
// Sometime in the future we could hardcode this to be `KEY_SIZE.v2` so that it becomes the default. | ||
const key = crypto.randomBytes(KEY_SIZE[getCryptoVersion()]).toString('hex'); | ||
// Set the new password in the KeyChain. | ||
await keychainPromises.setPassword((0, ts_types_1.ensure)(this.options.keychain), KEY_NAME, ACCOUNT, key); | ||
@@ -241,2 +315,64 @@ return this.init(); | ||
} | ||
encryptV1(text) { | ||
const iv = crypto.randomBytes(IV_BYTES.v1).toString('hex'); | ||
return this.key.value((buffer) => { | ||
const cipher = crypto.createCipheriv(ALGO, buffer.toString('utf8'), iv); | ||
let encrypted = cipher.update(text, 'utf8', 'hex'); | ||
encrypted += cipher.final('hex'); | ||
const tag = cipher.getAuthTag().toString('hex'); | ||
return `${iv}${encrypted}${TAG_DELIMITER}${tag}`; | ||
}); | ||
} | ||
encryptV2(text) { | ||
const iv = crypto.randomBytes(IV_BYTES.v2); | ||
return this.key.value((buffer) => { | ||
const cipher = crypto.createCipheriv(ALGO, buffer, iv); | ||
const ivHex = iv.toString('hex'); | ||
let encrypted = cipher.update(text, 'utf8', 'hex'); | ||
encrypted += cipher.final('hex'); | ||
const tag = cipher.getAuthTag().toString('hex'); | ||
return `${ivHex}${encrypted}${TAG_DELIMITER}${tag}`; | ||
}); | ||
} | ||
decryptV1(tokens) { | ||
const tag = tokens[1]; | ||
const iv = tokens[0].substring(0, IV_BYTES.v1 * 2); | ||
const secret = tokens[0].substring(IV_BYTES.v1 * 2, tokens[0].length); | ||
return this.key.value((buffer) => { | ||
const decipher = crypto.createDecipheriv(ALGO, buffer.toString('utf8'), iv); | ||
try { | ||
decipher.setAuthTag(Buffer.from(tag, 'hex')); | ||
return `${decipher.update(secret, 'hex', 'utf8')}${decipher.final('utf8')}`; | ||
} | ||
catch (err) { | ||
const error = messages.createError('authDecryptError', [err.message], [], err); | ||
const useGenericUnixKeychain = kit_1.env.getBoolean('SF_USE_GENERIC_UNIX_KEYCHAIN') || kit_1.env.getBoolean('USE_GENERIC_UNIX_KEYCHAIN'); | ||
if (os.platform() === 'darwin' && !useGenericUnixKeychain) { | ||
error.actions = [messages.getMessage('macKeychainOutOfSync')]; | ||
} | ||
throw error; | ||
} | ||
}); | ||
} | ||
decryptV2(tokens) { | ||
const tag = tokens[1]; | ||
const iv = tokens[0].substring(0, IV_BYTES.v2 * 2); | ||
const secret = tokens[0].substring(IV_BYTES.v2 * 2, tokens[0].length); | ||
return this.key.value((buffer) => { | ||
const decipher = crypto.createDecipheriv(ALGO, buffer, Buffer.from(iv, 'hex')); | ||
try { | ||
decipher.setAuthTag(Buffer.from(tag, 'hex')); | ||
return `${decipher.update(secret, 'hex', 'utf8')}${decipher.final('utf8')}`; | ||
} | ||
catch (_err) { | ||
const err = ((0, ts_types_1.isString)(_err) ? sfError_1.SfError.wrap(_err) : _err); | ||
const error = messages.createError('authDecryptError', [err.message], [], err); | ||
const useGenericUnixKeychain = kit_1.env.getBoolean('SF_USE_GENERIC_UNIX_KEYCHAIN') || kit_1.env.getBoolean('USE_GENERIC_UNIX_KEYCHAIN'); | ||
if (os.platform() === 'darwin' && !useGenericUnixKeychain) { | ||
error.actions = [messages.getMessage('macKeychainOutOfSync')]; | ||
} | ||
throw error; | ||
} | ||
}); | ||
} | ||
async getKeyChain(platform) { | ||
@@ -243,0 +379,0 @@ if (!this.options.keychain) { |
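Review bot: The format check `value.length >= IV_BYTES[getCryptoVersion()] &&` compares a count of hex characters with a count of bytes, whereas `decryptV1`/`decryptV2` take `IV_BYTES.vN * 2` characters for the IV, so (assuming `value` is the IV-plus-ciphertext token) a string too short to hold a full IV still passes validation. The old `BYTE_COUNT_FOR_IV` check had the same mismatch, but with v2 the gap grows to 12 versus 24 characters; `value.length >= IV_BYTES[getCryptoVersion()] * 2 &&` would match what the decrypt paths slice. Relatedly, `crypto.createDecipheriv(...)` in both decrypt helpers sits before the `try`, so a key or IV of the wrong length would presumably surface as a raw Node error rather than `authDecryptError`; moving that call inside the `try` keeps one error path. The validation function starts and ends outside its hunk.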
@@ -15,3 +15,3 @@ "use strict"; | ||
; | ||
const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. 
To fix the problem, sync your credentials by authenticating into your org again using the auth commands."]])); | ||
const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. 
To fix the problem, sync your credentials by authenticating into your org again using the auth commands."], ["v1CryptoWithV2KeyWarning", "The SF_CRYPTO_V2 environment variable was set to \"false\" but a v2 crypto key was detected. v1 crypto can only be used with a v1 key. Unset the SF_CRYPTO_V2 environment variable."], ["v2CryptoWithV1KeyWarning", "SF_CRYPTO_V2 was set to \"true\" but a v1 crypto key was detected. v2 crypto can only be used with a v2 key. To generate a v2 key:\n\n1. Logout of all orgs: `sf org logout --all`\n2. Delete the sfdx keychain entry (account: local, service: sfdx). If `SF_USE_GENERIC_UNIX_KEYCHAIN=true` env var is set, you can delete the `key.json` file.\n3. Set `SF_CRYPTO_V2=true` env var.\n4. Re-Authenticate with your orgs using the CLI org login commands."]])); | ||
/** | ||
@@ -18,0 +18,0 @@ * Gets the os level keychain impl. |
@@ -44,3 +44,3 @@ "use strict"; | ||
; | ||
const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. 
To fix the problem, sync your credentials by authenticating into your org again using the auth commands."]])); | ||
const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. 
To fix the problem, sync your credentials by authenticating into your org again using the auth commands."], ["v1CryptoWithV2KeyWarning", "The SF_CRYPTO_V2 environment variable was set to \"false\" but a v2 crypto key was detected. v1 crypto can only be used with a v1 key. Unset the SF_CRYPTO_V2 environment variable."], ["v2CryptoWithV1KeyWarning", "SF_CRYPTO_V2 was set to \"true\" but a v1 crypto key was detected. v2 crypto can only be used with a v2 key. To generate a v2 key:\n\n1. Logout of all orgs: `sf org logout --all`\n2. Delete the sfdx keychain entry (account: local, service: sfdx). If `SF_USE_GENERIC_UNIX_KEYCHAIN=true` env var is set, you can delete the `key.json` file.\n3. Set `SF_CRYPTO_V2=true` env var.\n4. Re-Authenticate with your orgs using the CLI org login commands."]])); | ||
const GET_PASSWORD_RETRY_COUNT = 3; | ||
@@ -47,0 +47,0 @@ /** |
@@ -86,1 +86,14 @@ # invalidEncryptedFormatError | ||
We’ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. To fix the problem, sync your credentials by authenticating into your org again using the auth commands. | ||
# v1CryptoWithV2KeyWarning | ||
The SF_CRYPTO_V2 environment variable was set to "false" but a v2 crypto key was detected. v1 crypto can only be used with a v1 key. Unset the SF_CRYPTO_V2 environment variable. | ||
# v2CryptoWithV1KeyWarning | ||
SF_CRYPTO_V2 was set to "true" but a v1 crypto key was detected. v2 crypto can only be used with a v2 key. To generate a v2 key: | ||
1. Logout of all orgs: `sf org logout --all` | ||
2. Delete the sfdx keychain entry (account: local, service: sfdx). If `SF_USE_GENERIC_UNIX_KEYCHAIN=true` env var is set, you can delete the `key.json` file. | ||
3. Set `SF_CRYPTO_V2=true` env var. | ||
4. Re-Authenticate with your orgs using the CLI org login commands. |
{ | ||
"name": "@salesforce/core", | ||
"version": "6.6.0", | ||
"version": "6.7.0", | ||
"description": "Core libraries to interact with SFDX projects, orgs, and APIs.", | ||
@@ -5,0 +5,0 @@ "main": "lib/exported", |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package