Hi Everyone,

If you use newer openssl version on the host OS where you are building the image, the decrypt will and the sharding setup will not complete.

Example:

My Host OS

[ec2-user@oracle-sharding ~]$ openssl version
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)

openssl enc -aes-256-cbc -salt -in /opt/.secrets/common_os_pwdfile -out /opt/.secrets/common_os_pwdfile.enc -pass file:/opt/.secrets/pwd.key

Inside the container

bash-4.2$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017

bash-4.2$ openssl enc -d -aes-256-cbc -in "/run/secrets/common_os_pwdfile.enc" -out /tmp/common_os_pwdfile.enc -pass file:"/run/secrets/pwd.key"
bad decrypt
140257544615824:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:618:

The solution is of course straightforward, like spinning one time alpine container with openssl version 1.0.2 with one temporary volume mount, generate the password command inside this container and copy the password to the shared location /opt/.secrets

Best regards,
Lazar