"I'm sorry, Dave. I'm afraid I can't do that." --HAL, 2001: A Space Odyssey

How to decrypt a core_config_data value at the command line in Magento 2

Monday, April 26th, 2021

Sometimes a value needs to be retrieved from an encrypted core_config_data field. The best way to accomplish this goal is to use Magerun2 (https://github.com/netz98/n98-...). Magerun2 works great with Magento 2 and if you don't use it in your projects then you should install it and learn it immediately.

It's not always feasible and sometimes is impossible to install magerun2 in a Magento Cloud project. If you can't install it for whatever reason but you still need to retrieve encrypted config data then this small PHP that I wrote below is the answer. I have used this successfully in Magento Cloud projects.

What I typically do is use vim or nano to create a file in /tmp called decrypt.php then copy the contents of the code block below into it. I use /tmp/ because Magento Cloud projects use read-only file systems for added security. The /tmp/ folder is always writable though.

Usage:

You'll need to pass the encrypted string from the core_config_data table that you want to decrypt along with the absolute path to the file system root of your Magento 2 project (where the app/bootstrap.php file resides).

cd /tmp

php decrypt.php --enc=0:0:x:x:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --path=/your_absolute_project_path

Hint: You can get the absolute path of your project by using the pwd command.

The php below has some basic validation to ensure that you have entered the path and encrypted string to decode. Overall it's pretty basic but does the job.

<?php
use Magento\Framework\App\Bootstrap;
$path = getopt(null, ["path:"]);
$encrypted = getopt(null, ["enc:"]);
$error = false;
if (!$encrypted || !$path) {
 $error = true;
 if (!$path) {
 echo PHP_EOL . "Missing absolute path to your app/bootstrap.php file." . PHP_EOL;
 }
 if (!$encrypted) {
 echo PHP_EOL . "Missing encrypted string to decrypt." . PHP_EOL;
 }
}
if (!file_exists($path['path'] . '/app/bootstrap.php')) {
 $error = true;
 echo PHP_EOL . "Incorrect absolute path to your app/bootstrap.php file." . PHP_EOL;
}
if ($error === true) {
 echo PHP_EOL . "Usage: php decrypt.php --path=/your_absolute_project_path --enc=x:x:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" . PHP_EOL . PHP_EOL;
 die();
}
require $path['path'] . '/app/bootstrap.php';
$bootstrap = Bootstrap::create(BP, $_SERVER);
$obj = $bootstrap--->getObjectManager();
$state = $obj->get('Magento\Framework\App\State');
$state->setAreaCode('frontend');
$decrypted = \Magento\Framework\App\ObjectManager::getInstance()
 ->get(\Magento\Framework\Encryption\EncryptorInterface::class)
 ->decrypt($encrypted['enc']);
echo PHP_EOL . "Encrypted" . PHP_EOL;
echo "===================" . PHP_EOL;
echo $encrypted['enc'] . PHP_EOL . PHP_EOL;
echo "Decrypted" . PHP_EOL;
echo "===================" . PHP_EOL;
echo $decrypted . PHP_EOL . PHP_EOL;

Be sure to clean up after you're finished by deleting the decrypt.php file out of /tmp/.

Views: 200