Hi Team,
I am trying to migrate standalone.xml (from v3.0 to v4.6), which has vault
configurations enabled, using the command (./jboss-cli.sh --file=migrate-standalone.cli) on
Linux.
But it always throws the exception as highlighted, though the same works fine on Windows.
Is it a known issue? Any workaround?
04:36:53,835 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("core-service" => "management"),
    ("security-realm" => "MySSLRealm")
]): org.jboss.as.server.services.security.VaultReaderException: WFLYSRV0227: Security exception accessing the vault
    at org.jboss.as.server.services.security.VaultReaderImpl.retrieveFromVault(RuntimeVaultReader.java:190)
    at org.jboss.as.server.services.security.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:115)
    at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:65)
    at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionString(ExpressionResolverImpl.java:341)
    at org.jboss.as.controller.ExpressionResolverImpl.parseAndResolve(ExpressionResolverImpl.java:246)
    at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionStringRecursively(ExpressionResolverImpl.java:143)
    at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:84)
    at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressions(ExpressionResolverImpl.java:66)
    at org.jboss.as.controller.ModelControllerImpl.resolveExpressions(ModelControllerImpl.java:873)
    at org.jboss.as.controller.OperationContextImpl.resolveExpressions(OperationContextImpl.java:1278)
    at org.jboss.as.controller.AttributeDefinition$1.resolveExpressions(AttributeDefinition.java:603)
    at org.jboss.as.controller.AttributeDefinition.resolveValue(AttributeDefinition.java:667)
    at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:626)
    at org.jboss.as.controller.AttributeDefinition.resolveModelAttribute(AttributeDefinition.java:600)
    at org.jboss.as.domain.management.security.SecurityRealmAddHandler.addKeyManagerService(SecurityRealmAddHandler.java:688)
    at org.jboss.as.domain.management.security.SecurityRealmAddHandler.addSSLServices(SecurityRealmAddHandler.java:611)
    at org.jboss.as.domain.management.security.SecurityRealmAddHandler.installServices(SecurityRealmAddHandler.java:237)
    at org.jboss.as.domain.management.security.SecurityRealmAddHandler$ServiceInstallStepHandler.execute(SecurityRealmAddHandler.java:917)
    at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
    at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
    at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
    at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1411)
    at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:521)
    at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:470)
    at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:432)
    at org.jboss.as.server.ServerService.boot(ServerService.java:427)
    at org.jboss.as.server.ServerService.boot(ServerService.java:386)
    at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:372)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.jboss.security.vault.SecurityVaultException: javax.crypto.BadPaddingException: Given final block not properly padded
    at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:297)
    at org.jboss.as.server.services.security.VaultReaderImpl.getValue(RuntimeVaultReader.java:223)
    at org.jboss.as.server.services.security.VaultReaderImpl.retrieveFromVault(RuntimeVaultReader.java:176)
    ... 28 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:975)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:833)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
    at javax.crypto.Cipher.doFinal(Cipher.java:2165)
    at org.picketbox.util.EncryptionUtil.decrypt(EncryptionUtil.java:134)
    at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:293)
    ... 30 more
04:36:53,855 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
04:36:53,865 INFO [org.jboss.as] (MSC service thread 1-4) WFLYSRV0050: Keycloak 4.6.0.Final (WildFly Core 6.0.2.Final) stopped in 15ms
Cannot start embedded server: WFLYEMB0021: Cannot start embedded process: JBTHR00005: Operation failed: WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
Below are the sample vault configurations in standalone.xml (Keycloak v3.0.0):
<system-properties>
    <property name="javax.net.ssl.trustStore" value="/d0/certs/cert.keystore"/>
</system-properties>
<vault>
    <vault-option name="KEYSTORE_URL" value="/d0/certs/cert.jceks"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-0Thq/RjbpgdvR0aONX4KnP"/>
    <vault-option name="KEYSTORE_ALIAS" value="cert"/>
    <vault-option name="SALT" value="asdf3421"/>
    <vault-option name="ITERATION_COUNT" value="44"/>
    <vault-option name="ENC_FILE_DIR" value="/d0/certs"/>
</vault>
<management>
    <security-realms>
        <security-realm name="MySSLRealm">
            <server-identities>
                <ssl>
                    <keystore alias="cert" keystore-password="${VAULT::DS::cert::1}"
                              path="/d0/certs/cert.keystore"/>
                </ssl>
            </server-identities>
        </security-realm>
...
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <https-listener max-post-size="1048576000" name="default"
                        security-realm="MySSLRealm" socket-binding="https"/>
...
Thanks,
Deepti
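
A static pre-migration check of the vault block and of every `${VAULT::...}` reference in a standalone.xml, as an added example that is not part of the original post and does not diagnose the exception above. The sample XML, its root namespace value and the names `audit_vault`, `local` and `EXPECTED` are constructed for illustration; the 8-character salt rule is the one the vault tool prompts for.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the post's configuration (namespace is a placeholder).
SAMPLE = """<server xmlns="urn:jboss:domain:4.0">
  <vault>
    <vault-option name="KEYSTORE_URL" value="/d0/certs/cert.jceks"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-0Thq/RjbpgdvR0aONX4KnP"/>
    <vault-option name="KEYSTORE_ALIAS" value="cert"/>
    <vault-option name="SALT" value="asdf3421"/>
    <vault-option name="ITERATION_COUNT" value="44"/>
    <vault-option name="ENC_FILE_DIR" value="/d0/certs"/>
  </vault>
  <management><security-realms><security-realm name="MySSLRealm">
    <server-identities><ssl>
      <keystore alias="cert" keystore-password="${VAULT::DS::cert::1}"
                path="/d0/certs/cert.keystore"/>
    </ssl></server-identities>
  </security-realm></security-realms></management>
</server>"""

# ${VAULT::<block>::<attribute>::<shared key>}
VAULT_EXPR = re.compile(r"\$\{VAULT::([^:}]+)::([^:}]+)::([^}]*)\}")
# The six options the post's v3.0.0 configuration sets.
EXPECTED = ("KEYSTORE_URL", "KEYSTORE_PASSWORD", "KEYSTORE_ALIAS",
            "SALT", "ITERATION_COUNT", "ENC_FILE_DIR")

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_vault(xml_text):
    """Return (vault options, vault references, problems) for one config."""
    root = ET.fromstring(xml_text)
    opts = {e.get("name"): e.get("value", "") for e in root.iter()
            if local(e.tag) == "vault-option"}
    problems = [f"missing vault-option {n}" for n in EXPECTED if n not in opts]
    if "SALT" in opts and len(opts["SALT"]) != 8:
        problems.append("SALT is not 8 characters")
    if "ITERATION_COUNT" in opts and not opts["ITERATION_COUNT"].isdigit():
        problems.append("ITERATION_COUNT is not an integer")
    if not opts.get("KEYSTORE_PASSWORD", "MASK-").startswith("MASK-"):
        problems.append("KEYSTORE_PASSWORD is not MASK- encoded")
    refs = []  # (element, attribute, vault block, vault attribute)
    for e in root.iter():
        for attr, val in list(e.attrib.items()) + [("#text", e.text or "")]:
            for block, name, _key in VAULT_EXPR.findall(val):
                refs.append((local(e.tag), attr, block, name))
    return opts, refs, problems
```

Each tuple in `refs` is a value the server must decrypt from the vault at boot, so the list shows which elements depend on the keystore and encrypted data under `ENC_FILE_DIR` being copied intact to the target host.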