From d189b4e2943721f14bb4e2f82e78695f6dac23c7 Mon Sep 17 00:00:00 2001
From: rr-bw <102181210+rr-bw@users.noreply.github.com>
Date: Mon, 9 Sep 2024 07:05:04 -0700
Subject: [PATCH] [PM-8013] CLI MAC failure logs - update secureStorageService
 deps (#10935)

---
 apps/cli/src/service-container/service-container.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/apps/cli/src/service-container/service-container.ts b/apps/cli/src/service-container/service-container.ts
index ba73c26085..b9225fec43 100644
--- a/apps/cli/src/service-container/service-container.ts
+++ b/apps/cli/src/service-container/service-container.ts
@@ -285,7 +285,13 @@ export class ServiceContainer {
     this.secureStorageService = new NodeEnvSecureStorageService(
       this.storageService,
       this.logService,
-      this.encryptService,
+      // MAC failures for secure storage are being logged for customers today and
+      // they occur when users unlock / login and refresh a session key but don't
+      // export it into their environment (e.g. BW_SESSION_KEY). This leaves a stale
+      // BW_SESSION key in the env which is attempted to be used to decrypt the auto
+      // unlock user key which obviously fails. So, to resolve this, we will not log
+      // MAC failures for secure storage.
+      new EncryptServiceImplementation(this.cryptoFunctionService, this.logService, false),
     );
 
     this.memoryStorageService = new MemoryStorageService();