Git sync with token doesn't work with custom database encryption key

Product: PowerShell Universal
Version: 5.5.2

Hi there,

we just set up a custom encryption key as documented in Variables | PowerShell Universal.
After restart the previously configured Git sync is not working and the secret can’t be set anymore.

2025-05-15 08:25:00.607 +02:00 [ERR][UniversalAutomation.GitSyncService] Failed to sync: Specified key is not a valid size for this algorithm.
   at LibGit2Sharp.Core.Ensure.HandleError(Int32 result) in /_/LibGit2Sharp/Core/Ensure.cs:line 154
   at LibGit2Sharp.Core.Ensure.ZeroResult(Int32 result) in /_/LibGit2Sharp/Core/Ensure.cs:line 172
   at LibGit2Sharp.Core.Proxy.git_remote_fetch(RemoteHandle remote, IEnumerable`1 refSpecs, GitFetchOptions fetchOptions, String logMessage) in /_/LibGit2Sharp/Core/Proxy.cs:line 2289
   at LibGit2Sharp.Commands.Fetch(Repository repository, String remote, IEnumerable`1 refspecs, FetchOptions options, String logMessage) in /_/LibGit2Sharp/Commands/Fetch.cs:line 79
   at LibGit2Sharp.Commands.Pull(Repository repository, Signature merger, PullOptions options) in /_/LibGit2Sharp/Commands/Pull.cs:line 36
   at PowerShellUniversal.Git.GitService.Pull() in D:\a\universal\universal\src\PowerShellUniversal.Git\GitService.cs:line 875
   at UniversalAutomation.GitSyncService.TrySync(GitStatus status, Boolean force, GitSettings settings) in D:\a\universal\universal\src\PowerShellUniversal.Git\GitSyncService.cs:line 188
   at UniversalAutomation.GitSyncService.Sync(Boolean force, Boolean throwOnFailure) in D:\a\universal\universal\src\PowerShellUniversal.Git\GitSyncService.cs:line 88

I think the issue is that due to security and compliance we do not use a username / password, but an x-auth-token as username and the token as value, which is quite long.
Without custom encryption key it works like a charm :wink:

Best,
Matthias

Maybe I’m misunderstanding your scenario, but are you saying you stored your Git sync settings in the database with values encrypted with the default encryption key, then you changed the key PSU tries to use (which doesn’t change the key of entries in an existing database - it just tells PSU to use a different key from that point on), and you think the issue is your Git token despite it working fine if you remove the custom encryption key string in appsettings.json?

Hi @Jesse.Peden,
we first implemented Git Sync (worked).
Then we added the custom encryption key.
With the restart of the service we immediately got the error message notification with the first login. The same message then popped up when we tried to save again / overwrite the password of the Git sync user.
In our case the password is not just a password but an access token for the user x-auth-token…so a reeeeaaaaaaaaaallyyyyyyy looooooooong string.

Best,
Matthias

Right. I understand the scenario. Here’s what I would do, then. I’d remove all Git sync settings in PSU while the default encryption key is still set, stop the PSU service, remote into the PSU server, set the key you want to use in appsettings.json, open the database using something like DB Browser, go to the GitSettings table, remove the “old” entry. Start the PSU service back up, set the Git settings, and see what happens.

Hi @Jesse.Peden
that’s exactly what we did: nothing to be removed by DB Browser, double-checked it, the Git Settings table is empty after removing the Git Settings.
The issue really seems to be that the encryption routine doesn’t accept the length of the access token as soon as there is a custom encryption key:

  • all previous Git settings are removed
  • stop PSU
  • set custom encryption key
  • start PSU
  • login + create Git settings → error modal + infinity spinning wheel in dialog: