fix: add debug logging for AES key mismatch troubleshooting

shared/utils/crypto.py

@@ -31,7 +31,14 @@ def _get_encryption_key():
         aes_iv = os.environ.get('GIT_TOKEN_AES_IV', '1234567890123456')
         _aes_key = aes_key.encode('utf-8')
         _aes_iv = aes_iv.encode('utf-8')
-        logger.info("Loaded encryption keys from environment variables")
+        # Debug logging: print key info for troubleshooting encryption mismatch
+        logger.info(
+            f"Loaded encryption keys from environment variables - "
+            f"GIT_TOKEN_AES_KEY: first 4 chars='{aes_key[:4]}', last 4 chars='{aes_key[-4:]}', length={len(aes_key)}"
+        )
+        logger.info(
+            f"GIT_TOKEN_AES_IV: first 4 chars='{aes_iv[:4]}', last 4 chars='{aes_iv[-4:]}', length={len(aes_iv)}"
+        )
     return _aes_key, _aes_iv
 
 
@@ -42,7 +49,7 @@ def _get_encryption_key():
 def encrypt_sensitive_data(plain_text: str) -> str:
     """
     Encrypt sensitive data using AES-256-CBC encryption
-    
+
     This is the core encryption function used by all sensitive data encryption.
 
     Args:
@@ -57,6 +64,12 @@ def encrypt_sensitive_data(plain_text: str) -> str:
     if plain_text == "***":
         return "***"
 
+    # Debug logging: print plain text info
+    logger.info(
+        f"encrypt_sensitive_data called - plain_text length={len(plain_text)}, "
+        f"first 4 chars='{plain_text[:4] if len(plain_text) >= 4 else plain_text}'"
+    )
+
     try:
         aes_key, aes_iv = _get_encryption_key()
 
@@ -76,7 +89,13 @@ def encrypt_sensitive_data(plain_text: str) -> str:
         encrypted_bytes = encryptor.update(padded_data) + encryptor.finalize()
 
         # Return base64 encoded encrypted data
-        return base64.b64encode(encrypted_bytes).decode('utf-8')
+        encrypted_str = base64.b64encode(encrypted_bytes).decode('utf-8')
+        # Debug logging: print encryption success info
+        logger.info(
+            f"encrypt_sensitive_data success - encrypted length={len(encrypted_str)}, "
+            f"first 10 chars='{encrypted_str[:10]}'"
+        )
+        return encrypted_str
     except Exception as e:
         logger.error(f"Failed to encrypt sensitive data: {str(e)}")
         raise
@@ -85,7 +104,7 @@ def encrypt_sensitive_data(plain_text: str) -> str:
 def decrypt_sensitive_data(encrypted_text: str) -> Optional[str]:
     """
     Decrypt sensitive data using AES-256-CBC decryption
-    
+
     This is the core decryption function used by all sensitive data decryption.
 
     Args:
@@ -100,6 +119,12 @@ def decrypt_sensitive_data(encrypted_text: str) -> Optional[str]:
     if encrypted_text == "***":
         return "***"
 
+    # Debug logging: print encrypted text info
+    logger.info(
+        f"decrypt_sensitive_data called - encrypted_text length={len(encrypted_text)}, "
+        f"first 10 chars='{encrypted_text[:10] if len(encrypted_text) >= 10 else encrypted_text}'"
+    )
+
     try:
         aes_key, aes_iv = _get_encryption_key()
 
@@ -122,7 +147,13 @@ def decrypt_sensitive_data(encrypted_text: str) -> Optional[str]:
         decrypted_bytes = unpadder.update(decrypted_padded_bytes) + unpadder.finalize()
 
         # Return decrypted string
-        return decrypted_bytes.decode('utf-8')
+        decrypted_str = decrypted_bytes.decode('utf-8')
+        # Debug logging: print decryption success info
+        logger.info(
+            f"decrypt_sensitive_data success - decrypted length={len(decrypted_str)}, "
+            f"first 4 chars='{decrypted_str[:4] if len(decrypted_str) >= 4 else decrypted_str}'"
+        )
+        return decrypted_str
     except Exception as e:
         logger.warning(f"Failed to decrypt sensitive data: {str(e)}")
         # Return the original text as fallback for backward compatibility