Unknown cipher data id 0 when performing certain actions in Bamboo on Windows after switching Bamboo to run as a Service
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Problem
Certain actions within Bamboo throw a java.lang.IllegalArgumentException: Unknown cipher data id 0 exception after switching Bamboo to run as a Windows Service. Affected actions include, but are not limited to:
Creating / deleting / viewing a repository.
Shared credentials UI.
Variables UI.
Starting a plan or build.
Diagnosis
A stack trace similar to the following is shown in the UI (and logged to atlassian-bamboo.log) when performing certain actions in Bamboo:
2017-05-18 22:29:26,005 WARN [10-BAM::PlanExec:pool-18-thread-4] [PlanExecutionManagerImpl] Unknown error during doWithProcessLock
io.atlassian.util.concurrent.LazyReference$InitializationException: java.lang.IllegalArgumentException: Unknown cipher data id 0
at io.atlassian.util.concurrent.LazyReference.getInterruptibly(LazyReference.java:156)
at io.atlassian.util.concurrent.LazyReference.get(LazyReference.java:116)
at com.atlassian.bamboo.plan.cache.AbstractImmutableChain.getPlanRepositoryDefinitions(AbstractImmutableChain.java:263)
...
Caused by: java.lang.IllegalArgumentException: Unknown cipher data id 0
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:122)
at com.atlassian.bamboo.crypto.instance.InstanceSecretStorage.getCipherData(InstanceSecretStorage.java:105)
at com.atlassian.bamboo.crypto.instance.InstanceSecretStorage.getKeyAndIv(InstanceSecretStorage.java:95)
Both of the below criteria are true:
<BAMBOO-HOME>/xml-data/configuration/cipher/cipher.key_0 exists as a non-zero-byte file.
The below SQL statement returns two rows:
SELECT * FROM BANDANA WHERE BANDANA_KEY LIKE '%cipher%';
Cause
Bamboo 5.15.x shipped with new system-wide encryption. The encryption key is stored in the database and on the filesystem. Both the filesystem and the database key parts are required to perform successful decryption. The key part stored on your filesystem is located under <BAMBOO-HOME>/xml-data/configuration/cipher.
When Bamboo first generates the filesystem key part, it limits ownership and access of this file to only the user running Bamboo. We see this cause issues on Windows, as the user running the process often changes when Bamboo is configured to run as a service rather than as a console application. When the process is started as a different user from the one that was running Bamboo when the filesystem key part was first generated, Bamboo can no longer access the filesystem key part.
Solution
Resolution
Correct the Security ACL (Right click > Properties > Security) on both the cipher directory and cipher key so that the user that's starting Bamboo has ownership:
- <BAMBOO-HOME>/xml-data/configuration/cipher/
-- <BAMBOO-HOME>/xml-data/configuration/cipher/cipher.key_0
For a Windows Service running as the LOCAL SYSTEM user, ensure that the BUILTIN\Administrators group has ownership.
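The same check and correction can be scripted. The following PowerShell script is an added example, not Atlassian's own tooling: it compares the owner of the cipher directory and key file with the account the Bamboo service logs on as, and changes ownership only when -Fix is passed. The -ServiceName and -BambooHome values are assumptions you supply for your host.

```powershell
# Added example: report (and with -Fix, correct) ownership of the cipher key part.
# Run elevated. -ServiceName is your Bamboo service's name (not given in the article).
param(
    [Parameter(Mandatory)] [string] $BambooHome,
    [Parameter(Mandatory)] [string] $ServiceName,
    [switch] $Fix
)

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }
# Per the article, a LOCAL SYSTEM service needs the Administrators group as owner;
# otherwise the owner should be the service's logon account.
$account = if ($svc.StartName -eq 'LocalSystem') {
    'BUILTIN\Administrators'
} else {
    $svc.StartName -replace '^\.\\', "${env:COMPUTERNAME}\"
}
$sidType = [System.Security.Principal.SecurityIdentifier]
$wantSid = ([System.Security.Principal.NTAccount]$account).Translate($sidType).Value

$cipherDir = Join-Path $BambooHome 'xml-data\configuration\cipher'
$keyFile   = Join-Path $cipherDir 'cipher.key_0'

foreach ($path in $cipherDir, $keyFile) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Missing: $path"
        continue
    }
    $acl   = Get-Acl -LiteralPath $path
    $match = $acl.GetOwner($sidType).Value -eq $wantSid
    if (-not $match -and $Fix) {
        icacls $path /setowner $account | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls failed for $path" }
        $acl   = Get-Acl -LiteralPath $path
        $match = $acl.GetOwner($sidType).Value -eq $wantSid
    }
    $item = Get-Item -LiteralPath $path
    [pscustomobject]@{
        Path          = $path
        Owner         = $acl.Owner
        ExpectedOwner = $account
        OwnerMatches  = $match
        # Diagnosis step from the article: the key must not be a 0-byte file.
        SizeBytes     = if ($item.PSIsContainer) { $null } else { $item.Length }
    }
}
```

Run it once without -Fix to see the current owners, then again with -Fix and restart the Bamboo service.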