WildFly server is not getting started after configuring vault for masking the keystore password.
it.abhishek_005 Jan 6, 2020 4:44 AM
Hi all,
I am facing an issue while starting the server; I am facing the below issue. I am using JDK version 221 and WildFly 17.
Also, I checked in the module.xml file and the dependency is there.
08:21:14,493 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("core-service" => "vault")]): org.jboss.as.server.services.security.VaultReaderException: WFLYSRV0076: Error initializing vault -- org.jboss.security.vault.SecurityVaultException: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at org.jboss.as.server.services.security.VaultReaderImpl.createVault(RuntimeVaultReader.java:159)
at org.jboss.as.server.services.security.RuntimeVaultReader.createVault(RuntimeVaultReader.java:100)
at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:82)
at org.jboss.as.controller.AbstractAddStepHandler.performRuntime(AbstractAddStepHandler.java:338)
at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:159)
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1412)
at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:521)
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:472)
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:434)
at org.jboss.as.server.ServerService.boot(ServerService.java:435)
at org.jboss.as.server.ServerService.boot(ServerService.java:394)
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:374)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.jboss.security.vault.SecurityVaultException: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210)
at org.jboss.as.server.services.security.VaultReaderImpl.createVault(RuntimeVaultReader.java:157)
... 15 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
at com.sun.crypto.provider.PBES1Core.doFinal(PBES1Core.java:423)
at com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2164)
at org.jboss.security.plugins.PBEUtils.decode(PBEUtils.java:73)
at org.jboss.security.plugins.PBEUtils.decode64(PBEUtils.java:90)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.decode(PicketBoxSecurityVault.java:362)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.loadKeystorePassword(PicketBoxSecurityVault.java:339)
at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:204)
... 16 more
08:21:14,500 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
Below is my standalone.xml file content:
<server xmlns="urn:jboss:domain:10.0">
<extensions>
<extension module="org.jboss.as.deployment-scanner"/>
<extension module="org.jboss.as.ee"/>
<extension module="org.jboss.as.jmx"/>
<extension module="org.jboss.as.logging"/>
<extension module="org.jboss.as.naming"/>
<extension module="org.jboss.as.sar"/>
<extension module="org.jboss.as.security"/>
<extension module="org.wildfly.extension.core-management"/>
<extension module="org.wildfly.extension.elytron"/>
<extension module="org.wildfly.extension.io"/>
<extension module="org.wildfly.extension.request-controller"/>
<extension module="org.wildfly.extension.security.manager"/>
<extension module="org.wildfly.extension.undertow"/>
</extensions>
<system-properties>
<property name="org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING" value="false"/>
</system-properties>
<vault>
<vault-option name="KEYSTORE_URL" value="/opt/keystore/vault.jks"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-1tqdrgVYYq3"/>
<vault-option name="KEYSTORE_ALIAS" value="vault"/>
<vault-option name="SALT" value="12438567"/>
<vault-option name="ITERATION_COUNT" value="50"/>
<vault-option name="ENC_FILE_DIR" value="/opt/keystore/"/>
</vault>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<ssl>
<keystore path="/opt/keystore/vault.jks" keystore-password="${VAULT::testing::Ivr@123::1}" key-password="${VAULT::Ivr@123::password::1}"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
</security-realms>
**********************************
**** JBoss Vault ***************
**********************************
Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
0
Starting an interactive session
Enter directory to store encrypted files: /opt/keystore
Enter Keystore URL: /opt/keystore/vault.jks
Enter Keystore password:
Enter Keystore password again:
Values match
Enter 8 character salt: 12345678
Enter iteration count as a number (e.g.: 44): 50
Enter Keystore Alias: vault
WFLYSEC0056: Initializing Vault
Jan 06, 2020 8:09:15 AM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX00361: Default Security Vault Implementation Initialized and Ready
WFLYSEC0048: Vault Configuration commands in WildFly for CLI:
********************************************
For standalone mode:
/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/opt/keystore/vault.jks"),("KEYSTORE_PASSWORD" => "MASK-1tqdrgVYYq3"),("KEYSTORE_ALIAS" => "vault"),("SALT" => "12345678"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/opt/keystore/")])
********************************************
For domain mode:
/host=the_host/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/opt/keystore/vault.jks"),("KEYSTORE_PASSWORD" => "MASK-1tqdrgVYYq3"),("KEYSTORE_ALIAS" => "vault"),("SALT" => "12345678"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/opt/keystore/")])
********************************************
WFLYSEC0057: Vault is initialized and ready for use
WFLYSEC0058: Handshake with Vault complete
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Remove secured attribute 3: Exit
0
Task: Store a secured attribute
Please enter secured attribute value (such as password)
Please enter secured attribute value again
Values match
Enter Vault Block:testing
Enter Attribute Name:Ivr@123
WFLYSEC0047: Secured attribute value has been stored in Vault.
Please make note of the following:
********************************************
Vault Block:testing
Attribute Name:Ivr@123
Configuration should be done as follows:
VAULT::testing::Ivr@123::1
********************************************
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Remove secured attribute 3: Exit
3
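
A consistency check for the two listings in this post, as an added example that is not part of the original post: it compares the vault-option values in the <vault> element of standalone.xml with the ones in the standalone-mode CLI command the vault tool printed. The masked keystore password is decoded with a password-based cipher (PBEWithMD5AndDES in the trace) whose key depends on SALT and ITERATION_COUNT, so a difference in either yields the wrong key. The function and variable names are hypothetical; the sample strings are copied from the listings above.

```python
import re
import xml.etree.ElementTree as ET

# Copied from the post: the <vault> element of standalone.xml ...
STANDALONE_VAULT_XML = """\
<vault>
<vault-option name="KEYSTORE_URL" value="/opt/keystore/vault.jks"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-1tqdrgVYYq3"/>
<vault-option name="KEYSTORE_ALIAS" value="vault"/>
<vault-option name="SALT" value="12438567"/>
<vault-option name="ITERATION_COUNT" value="50"/>
<vault-option name="ENC_FILE_DIR" value="/opt/keystore/"/>
</vault>"""

# ... and the standalone-mode command printed by the vault tool.
VAULT_TOOL_CLI = (
    '/core-service=vault:add(vault-options=['
    '("KEYSTORE_URL" => "/opt/keystore/vault.jks"),'
    '("KEYSTORE_PASSWORD" => "MASK-1tqdrgVYYq3"),'
    '("KEYSTORE_ALIAS" => "vault"),("SALT" => "12345678"),'
    '("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/opt/keystore/")])'
)

def options_from_xml(xml_text):
    """Collect vault-option name/value pairs, ignoring any XML namespace."""
    root = ET.fromstring(xml_text)
    return {el.get("name"): el.get("value")
            for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "vault-option"}

def options_from_cli(cli_text):
    """Collect ("NAME" => "value") pairs from a vault:add CLI command."""
    return dict(re.findall(r'\("([A-Z_]+)"\s*=>\s*"([^"]*)"\)', cli_text))

def diff_vault_options(xml_text, cli_text):
    """Return {option: (configured, generated)} for every option that differs."""
    configured = options_from_xml(xml_text)
    generated = options_from_cli(cli_text)
    return {name: (configured.get(name), generated.get(name))
            for name in sorted(set(configured) | set(generated))
            if configured.get(name) != generated.get(name)}

if __name__ == "__main__":
    diffs = diff_vault_options(STANDALONE_VAULT_XML, VAULT_TOOL_CLI)
    for name, (cfg, gen) in diffs.items():
        print(f"{name}: standalone.xml={cfg!r} vault tool={gen!r}")
    if not diffs:
        print("vault options match the vault tool output")
```
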