Amazon EC2: Getting Access Denied trying to use Windows DPAPI

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Amazon EC2: Getting Access Denied trying to use Windows DPAPI

Carel Combrink
Hi,

We are using an AWS EC2 Windows AMI to do our builds from a Jenkins job using the ec2-plugin.
Our libraries use the Windows Cryptography API: Next Generation (NG) (DPAPI) to protect sensitive data from C# and C++ components.

Our builds succeed without any issue, but our unit test trying to use this API in the AMI instance keeps on failing. On the C# side we get the following exception (almost the same on C++ side):

Access is denied.
Source: System.Security
HRESULT: -2147024891
Stack:
   at System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope)

We could get the Unit Tests passing with PsExec, but the output is lost and the step that normally takes about 20 minutes now takes more than 4 hours.

From some reading up it seems like the WinRM connection is the cause of the issue, the PsExec seems to verify that.

Is there a way to configure or set up the AMI + plugin to allow us to use the DPAPI inside the AMI for the unit tests (Without having to use an external tool like PsExec)?

Regards,
Carel

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAAxNqap8gEXPhzZq9f7gnTUyX1Whv0FezYg%3DKBPL0BKDL5ReLg%40mail.gmail.com.