{"id":473,"date":"2024-12-03T17:11:24","date_gmt":"2024-12-03T17:11:24","guid":{"rendered":"https:\/\/bestworlds.com\/blog\/?p=473"},"modified":"2024-12-03T19:34:36","modified_gmt":"2024-12-03T19:34:36","slug":"introducing-bestworlds-new-encryption-key-rotation-module-for-magento-2","status":"publish","type":"post","link":"https:\/\/bestworlds.com\/blog\/introducing-bestworlds-new-encryption-key-rotation-module-for-magento-2\/","title":{"rendered":"Introducing BestWorlds\u2019 New Encryption Key Rotation Module for Magento 2"},"content":{"rendered":"\n<p>We\u2019re excited to introduce <a href=\"https:\/\/github.com\/Best-Worlds\/encryption-keys\" data-type=\"link\" data-id=\"https:\/\/github.com\/Best-Worlds\/encryption-keys\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BestWorlds\u2019 Encryption Key Rotation Module<\/a> for Magento 2. This module helps you securely rotate encryption keys in response to the <a href=\"https:\/\/experienceleague.adobe.com\/en\/docs\/commerce-knowledge-base\/kb\/troubleshooting\/known-issues-patches-attached\/security-update-available-for-adobe-commerce-apsb24-40-revised-to-include-isolated-patch-for-cve-2024-34102\" data-type=\"link\" data-id=\"https:\/\/experienceleague.adobe.com\/en\/docs\/commerce-knowledge-base\/kb\/troubleshooting\/known-issues-patches-attached\/security-update-available-for-adobe-commerce-apsb24-40-revised-to-include-isolated-patch-for-cve-2024-34102\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cosmic Sting vulnerability<\/a> disclosed on September 26, 2024. This vulnerability exposed JWT Admin Tokens, which could reveal your current encryption keys.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why You Need to Rotate Your Encryption Keys<\/h2>\n\n\n\n<p>Magento has recommended key rotation to mitigate this vulnerability. You can generate new keys through the Magento admin interface, but replacing old keys is crucial because the vulnerability exposed them. 
Magento\u2019s patch helps prevent the use of old keys, especially for JWT Tokens, but rotating keys in the admin interface didn\u2019t fully resolve the issue for encrypted third-party data.<\/p>\n\n\n\n<p>After researching other solutions (like the SanSec module), we found them too complex and potentially problematic, so we created a simpler, more reliable option.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Our Solution: The Encryption Key Rotation Module<\/h2>\n\n\n\n<p>Our <a href=\"https:\/\/github.com\/Best-Worlds\/encryption-keys\" data-type=\"link\" data-id=\"https:\/\/github.com\/Best-Worlds\/encryption-keys\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Encryption Key Rotation Module<\/a> simplifies the process. With a single command, you can replace your old encryption key with a new one, ensuring everything on your site continues working seamlessly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key Features of the Module<\/h2>\n\n\n\n<p>Here\u2019s how the module works:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Generate a New Encryption Key:<\/strong> The module creates a new key and adds it to your configuration. You can provide your own key or let Magento generate one automatically (which we recommend).<\/li>\n\n\n\n<li><strong>Re-encrypt Two-Factor Authentication (TFA) Values: <\/strong>It updates your TFA encrypted values to keep them secure.<\/li>\n\n\n\n<li><strong>Re-encrypt All Database Values: <\/strong>The module re-encrypts all database values, including encrypted data from third-party modules.<\/li>\n\n\n\n<li><strong>Update Image Cache Directory Names: <\/strong>It changes image cache directory names to match the new encryption key. 
Unlike Magento\u2019s default key rotation process, which requires regenerating all cached images, this module makes it easier.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Managing Cache Images: Choose Your Approach<\/h3>\n\n\n\n<p>In the admin panel (Stores -> Configuration -> BestWorlds -> Encryption Key), you can choose how to handle cache images:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Symlink Approach (Recommended):<\/strong> This option creates symlinks that point from the old cache directories to the new ones. It\u2019s safer and allows you to verify that product images load correctly before replacing the old directories.<\/li>\n\n\n\n<li><strong>Rename Approach: <\/strong>This replaces the old cache directory names with the new ones. While simpler, it carries more risk, especially on large projects. We recommend the Symlink Approach to avoid issues.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Extensible for Developers<\/h3>\n\n\n\n<p>The module is designed to be flexible, so developers can easily add or remove process steps if necessary. It\u2019s built to be customizable for different project needs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Developer Guide<\/h2>\n\n\n\n<p>This module is intended for experienced Magento developers, as it requires an understanding of the platform and its encryption key features. Here are the steps to follow:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Test in Development First:<\/strong> Always try this module on a development environment before applying it to a live store.<\/li>\n\n\n\n<li><strong>Backup Your Data:<\/strong> Make a full backup of your database and the env.php file in your app\/etc\/ folder. 
The old encryption key will be saved under the &#8220;invalidated_keys&#8221; configuration, but it&#8217;s good to have a backup just in case.<\/li>\n\n\n\n<li><strong>Choose Your Cache Management Strategy: <\/strong>The default setting is Symlink, but if you choose the Rename option, we recommend backing up your image cache directories first.<\/li>\n\n\n\n<li><strong>Run the Key Rotation Command:<\/strong> In the terminal, execute the following command:<br><code>bin\/magento encryption:key:rotate<\/code><br>If you don\u2019t specify a key, Magento will generate one automatically.<\/li>\n\n\n\n<li><strong>Monitor Progress:<\/strong> The command will show you the steps being executed. After the database re-encryption is complete, a CSV report with the details will be saved at <code>var\/encryption-key\/report\/{CURRENT_DATE}.csv<\/code>.<\/li>\n\n\n\n<li><strong>Clear Your Cache:<\/strong> Don\u2019t forget to clear all caches in your Magento project after rotating the keys.<\/li>\n\n\n\n<li><strong>Verify Cache Images:<\/strong> Check that product images load correctly from the new cache directories (using the symlinks). Once confirmed, you can replace the symlinks with the actual directories. You can do this via:\n<ul class=\"wp-block-list\">\n<li><strong>Magento Admin: <\/strong>Go to Stores -> Configuration -> BestWorlds -> Encryption Key -> Cache Directories -> Convert symlinks into directories.<\/li>\n\n\n\n<li><strong>Magento CLI: <\/strong>Run the following command: <code>bin\/magento encryption:key:replace-cache-images-symlinks<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>The <a href=\"https:\/\/github.com\/Best-Worlds\/encryption-keys\" data-type=\"link\" data-id=\"https:\/\/github.com\/Best-Worlds\/encryption-keys\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Encryption Key Rotation Module<\/a> simplifies the key rotation process, helps you stay secure, and avoids complications. 
Whether you&#8217;re handling third-party module data, re-encrypting TFA values, or updating image cache directories, this module provides a smooth, reliable solution.<\/p>\n\n\n\n<p>For more details, check out the <a href=\"https:\/\/github.com\/Best-Worlds\/encryption-keys\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">module on GitHub<\/a>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019re excited to introduce BestWorlds\u2019 Encryption Key Rotation Module for Magento 2. This module helps you securely rotate encryption keys in response to the Cosmic Sting vulnerability disclosed on September 26, 2024. This vulnerability exposed JWT Admin Tokens, which could reveal your current encryption keys. Why You Need to Rotate Your Encryption Keys Magento has &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/bestworlds.com\/blog\/introducing-bestworlds-new-encryption-key-rotation-module-for-magento-2\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Introducing BestWorlds\u2019 New Encryption Key Rotation Module for Magento 
2&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":478,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","rank_math_lock_modified_date":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-473","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/posts\/473"}],"collection":[{"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/comments?post=473"}],"version-history":[{"count":4,"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/posts\/473\/revisions"}],"predecessor-version":[{"id":477,"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/posts\/473\/revisions\/477"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/media\/478"}],"wp:attachment":[{"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/media?parent=473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/categories?post=473"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bestworlds.com\/blog\/wp-json\/wp\/v2\/tags?post=473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}