From fb79deb833c798f68b75e075f8cf6aa2146ad523 Mon Sep 17 00:00:00 2001 From: Gabriel Ferreira Date: Thu, 2 Apr 2026 15:22:57 -0300 Subject: [PATCH] fix(bank-transfer): correct encryption key env var names The source code expects JD_INCOMING_RAW_XML_ENCRYPTION_KEY and RECIPIENT_DETAILS_ENCRYPTION_KEY (hex-encoded), but the helm chart was creating env vars with _BASE64 suffix which the app doesn't read. This caused the pod to crash with 'JD_INCOMING_RAW_XML_ENCRYPTION_KEY is required' error because the env var name didn't match. Changes: - Rename env vars from *_BASE64 to match source code expectations - Update comments to clarify hex-encoding format (64 hex chars) - Update values.yaml, values-template.yaml, and README.md accordingly Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com> --- charts/plugin-br-bank-transfer/README.md | 4 ++-- charts/plugin-br-bank-transfer/templates/secrets.yaml | 8 +++++--- charts/plugin-br-bank-transfer/values-template.yaml | 6 +++--- charts/plugin-br-bank-transfer/values.yaml | 6 +++--- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/charts/plugin-br-bank-transfer/README.md b/charts/plugin-br-bank-transfer/README.md index 68c2c54e..955cc700 100644 --- a/charts/plugin-br-bank-transfer/README.md +++ b/charts/plugin-br-bank-transfer/README.md @@ -188,8 +188,8 @@ Key secrets configured via `bankTransfer.secrets`: | `REDIS_PASSWORD` | Redis/Valkey password | | `MONGO_PASSWORD` | MongoDB password | | `MONGO_URI` | MongoDB connection URI (auto-generated if not provided) | -| `JD_INCOMING_RAW_XML_ENCRYPTION_KEY_BASE64` | Encryption key (32-byte base64) | -| `RECIPIENT_DETAILS_ENCRYPTION_KEY_BASE64` | Encryption key (32-byte base64) | +| `JD_INCOMING_RAW_XML_ENCRYPTION_KEY` | Encryption key (hex-encoded 32-byte AES-256, 64 hex chars) | +| `RECIPIENT_DETAILS_ENCRYPTION_KEY` | Encryption key (hex-encoded 32-byte AES-256, 64 hex chars) | | `JD_WEBHOOK_NOTIFICATION_RAW_XML_DECRYPTION_KEY_BASE64` | Decryption key (32-byte base64) | --- diff --git a/charts/plugin-br-bank-transfer/templates/secrets.yaml b/charts/plugin-br-bank-transfer/templates/secrets.yaml index bdf876f3..e1a7610c 100644 --- a/charts/plugin-br-bank-transfer/templates/secrets.yaml +++ b/charts/plugin-br-bank-transfer/templates/secrets.yaml @@ -73,9 +73,11 @@ stringData: JD_PRIVATE_KEY_PEM: {{ .Values.bankTransfer.secrets.JD_PRIVATE_KEY_PEM | quote }} {{- end }} - # Encryption Keys (32-byte base64 encoded) - JD_INCOMING_RAW_XML_ENCRYPTION_KEY_BASE64: {{ required "bankTransfer.secrets.JD_INCOMING_RAW_XML_ENCRYPTION_KEY_BASE64 is required" .Values.bankTransfer.secrets.JD_INCOMING_RAW_XML_ENCRYPTION_KEY_BASE64 | quote }} - RECIPIENT_DETAILS_ENCRYPTION_KEY_BASE64: {{ required "bankTransfer.secrets.RECIPIENT_DETAILS_ENCRYPTION_KEY_BASE64 is required" .Values.bankTransfer.secrets.RECIPIENT_DETAILS_ENCRYPTION_KEY_BASE64 | quote }} + # Encryption Keys + # The application expects hex-encoded 32-byte AES-256 keys (64 hex characters). + # Values.bankTransfer.secrets should provide hex-encoded keys directly. + JD_INCOMING_RAW_XML_ENCRYPTION_KEY: {{ required "bankTransfer.secrets.JD_INCOMING_RAW_XML_ENCRYPTION_KEY is required" .Values.bankTransfer.secrets.JD_INCOMING_RAW_XML_ENCRYPTION_KEY | quote }} + RECIPIENT_DETAILS_ENCRYPTION_KEY: {{ required "bankTransfer.secrets.RECIPIENT_DETAILS_ENCRYPTION_KEY is required" .Values.bankTransfer.secrets.RECIPIENT_DETAILS_ENCRYPTION_KEY | quote }} # Midaz M2M Credentials (optional) {{- if .Values.bankTransfer.secrets.MIDAZ_CLIENT_ID }} diff --git a/charts/plugin-br-bank-transfer/values-template.yaml b/charts/plugin-br-bank-transfer/values-template.yaml index c9191080..4eca9950 100644 --- a/charts/plugin-br-bank-transfer/values-template.yaml +++ b/charts/plugin-br-bank-transfer/values-template.yaml @@ -202,9 +202,9 @@ bankTransfer: # JD_PASSWORD: "" # JD_PRIVATE_KEY_PEM: "" - # Encryption Keys - REQUIRED (32-byte base64 encoded) - JD_INCOMING_RAW_XML_ENCRYPTION_KEY_BASE64: "" # REQUIRED - RECIPIENT_DETAILS_ENCRYPTION_KEY_BASE64: "" # REQUIRED + # Encryption Keys - REQUIRED (hex-encoded 32-byte AES-256 keys, 64 hex characters) + JD_INCOMING_RAW_XML_ENCRYPTION_KEY: "" # REQUIRED + RECIPIENT_DETAILS_ENCRYPTION_KEY: "" # REQUIRED # Midaz M2M Credentials (if MIDAZ_AUTH_ENABLED=true) # MIDAZ_CLIENT_ID: "" diff --git a/charts/plugin-br-bank-transfer/values.yaml b/charts/plugin-br-bank-transfer/values.yaml index 7b8d4539..b77a8cfa 100644 --- a/charts/plugin-br-bank-transfer/values.yaml +++ b/charts/plugin-br-bank-transfer/values.yaml @@ -360,9 +360,9 @@ bankTransfer: # JD_PASSWORD: "" # JD_PRIVATE_KEY_PEM: "" - # Encryption Keys (REQUIRED - 32-byte base64 encoded) - JD_INCOMING_RAW_XML_ENCRYPTION_KEY_BASE64: "" - RECIPIENT_DETAILS_ENCRYPTION_KEY_BASE64: "" + # Encryption Keys (REQUIRED - hex-encoded 32-byte AES-256 keys, 64 hex characters) + JD_INCOMING_RAW_XML_ENCRYPTION_KEY: "" + RECIPIENT_DETAILS_ENCRYPTION_KEY: "" # Midaz M2M Credentials (optional) # MIDAZ_CLIENT_ID: "" # MIDAZ_CLIENT_SECRET: ""