Trailhead: Build an Automated CI/CD Pipeline with GitLab - decrypt fails

I followed the steps in the Salesforce Trailhead project Build an Automated CI/CD Pipeline with GitLab (https://trailhead.salesforce.com/content/learn/projects/automate-cicd-with-gitlab).

In the step running the CI, it actually failed.
I ran the decrypt command on a Mac and it worked fine here.
My guess is that the docker image has a slight difference in the
openssl command …


Running with gitlab-runner 11.11.1 (5a147c92)
  on docker-auto-scale 72989761
Using Docker executor with image ruby:2.5 ...
Pulling docker image ruby:2.5 ...
Using docker image sha256:ba6721c6da7b7159079c81a480d24105c7617605a91a2fcc53d5853be48ac832 for ruby:2.5 ...
Running on runner-72989761-project-12614471-concurrent-0 via runner-72989761-srm-1559275842-fdb22181...
Initialized empty Git repository in /builds/jorgjanke/DreamHouse-sfdx/.git/
Fetching changes...
Created fresh repository.
From https://gitlab.com/jorgjanke/DreamHouse-sfdx
 * [new branch]      master     -> origin/master
Checking out 60b4d75f as master...

Skipping Git submodules setup
$ echo $SERVER_KEY_PASSWORD
Password01
$ openssl aes-256-cbc -d -md md5 -in assets/server.key.enc -out assets/server.key -k Password01
bad decrypt
140638091489344:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:536:
ERROR: Job failed: exit code 1

… oops - regenerated the encrypted file, committed it - works now!


I had the same issue and fixed it by changing -md from md5 to sha256 in the .gitlab-ci.yml file:

openssl aes-256-cbc -d -md sha256 -in server.key.enc -out myserver.key -k Password01

Cheers
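
Why a digest mismatch ends in `bad decrypt`, as an added example that is not part of the original posts: `openssl enc -k` (without `-pbkdf2`) derives the AES key and IV from the password and the file's salt with EVP_BytesToKey, using the `-md` digest, and OpenSSL 1.1.0 changed the default digest from MD5 to SHA-256. The sketch below reimplements that derivation with Python's standard library; the function names and the sample file are constructed for illustration.

```python
import hashlib
import os

MAGIC = b"Salted__"  # header written by `openssl enc` when a salt is used


def evp_bytes_to_key(password: bytes, salt: bytes, md: str,
                     key_len: int = 32, iv_len: int = 16):
    """EVP_BytesToKey with one iteration (aes-256-cbc: 32-byte key, 16-byte IV)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # D_i = H(D_{i-1} || password || salt); blocks are concatenated
        block = hashlib.new(md, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def read_salt(blob: bytes) -> bytes:
    """Return the 8-byte salt stored at the start of an `openssl enc` output file."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no Salted__ header (unsalted or base64-encoded file?)")
    return blob[8:16]


def compare_digests(blob: bytes, password: bytes):
    """Derive key/IV for the same file and password under both digests."""
    salt = read_salt(blob)
    return {md: evp_bytes_to_key(password, salt, md) for md in ("md5", "sha256")}


if __name__ == "__main__":
    # Constructed sample: header + random salt + 32 bytes standing in for ciphertext.
    sample = MAGIC + os.urandom(8) + os.urandom(32)
    for md, (key, iv) in compare_digests(sample, b"Password01").items():
        # Different key and IV per digest: decrypting with the wrong -md
        # produces garbage padding, which OpenSSL reports as "bad decrypt".
        print(f"-md {md:<6} key={key.hex()} iv={iv.hex()}")
```

Passing the same `-md` value explicitly in both the encrypt command and `.gitlab-ci.yml` removes the dependence on each OpenSSL build's default.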