Introducing BestWorlds’ New Encryption Key Rotation Module for Magento 2

We’re excited to introduce BestWorlds’ Encryption Key Rotation Module for Magento 2. This module helps you securely rotate encryption keys in response to the Cosmic Sting vulnerability disclosed on September 26, 2024. This vulnerability exposed JWT Admin Tokens, which could reveal your current encryption keys.

Why You Need to Rotate Your Encryption Keys

Magento has recommended key rotation to mitigate this vulnerability. You can generate new keys through the Magento admin interface, but replacing old keys is crucial because the vulnerability exposed them. Magento’s patch helps prevent the use of old keys, especially for JWT Tokens, but rotating keys in the admin interface didn’t fully resolve the issue for encrypted third-party data.

After researching other solutions (like the SanSec module), we found them too complex and potentially problematic, so we created a simpler, more reliable option.

Our Solution: The Encryption Key Rotation Module

Our Encryption Key Rotation Module simplifies the process. With a single command, you can replace your old encryption key with a new one, ensuring everything on your site continues working seamlessly.

Key Features of the Module

Here’s how the module works:

  1. Generate a New Encryption Key: The module creates a new key and adds it to your configuration. You can provide your own key or let Magento generate one automatically (which we recommend).
  2. Re-encrypt Two-Factor Authentication (TFA) Values: It updates your TFA encrypted values to keep them secure.
  3. Re-encrypt All Database Values: The module re-encrypts all database values, including encrypted data from third-party modules.
  4. Update Image Cache Directory Names: It changes image cache directory names to match the new encryption key. Magento’s default key rotation process requires regenerating all cached images; this module instead renames the existing directories (or symlinks to them) so the cached images stay usable.

Managing Cache Images: Choose Your Approach

In the admin panel (Stores -> Configuration -> BestWorlds -> Encryption Key), you can choose how to handle cache images:

  • Symlink Approach (Recommended): This option creates symlinks that point from the old cache directories to the new ones. It’s safer and allows you to verify that product images load correctly before replacing the old directories.
  • Rename Approach: This replaces the old cache directory names with the new ones. While simpler, it carries more risk, especially on large projects. We recommend the Symlink Approach to avoid issues.

Extensible for Developers

The module is designed to be flexible, so developers can easily add or remove process steps if necessary. It’s built to be customizable for different project needs.

Developer Guide

This module is intended for experienced Magento developers, as it requires an understanding of the platform and its encryption key features. Here are the steps to follow:

  1. Test in Development First: Always try this module on a development environment before applying it to a live store.
  2. Backup Your Data: Make a full backup of your database and the env.php file in your app/etc/ folder. The old encryption key will be saved under the “invalidated_keys” configuration, but it’s good to have a backup just in case.
  3. Choose Your Cache Management Strategy: The default setting is Symlink, but if you choose the Rename option, we recommend backing up your image cache directories first.
  4. Run the Key Rotation Command: In the terminal, execute the following command:
     bin/magento encryption:key:rotate
     If you don’t specify a key, Magento will generate one automatically.
  5. Monitor Progress: The command will show you the steps being executed. After the database re-encryption is complete, a CSV report with the details will be saved at var/encryption-key/report/{CURRENT_DATE}.csv
  6. Clear Your Cache: Don’t forget to clear all caches in your Magento project after rotating the keys.
  7. Verify Cache Images: Check that product images load correctly from the new cache directories (using the symlinks). Once confirmed, you can replace the symlinks with the actual directories. You can do this via:
    • Magento Admin: Go to Stores -> Configuration -> BestWorlds -> Encryption Key -> Cache Directories -> Convert symlinks into directories.
    • Magento CLI: Run the following command: bin/magento encryption:key:replace-cache-images-symlinks
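As an added illustration (not the module’s own code), the Python below models the two things the feature list and the steps above rely on: the keyIndex:cipherVersion:base64 form in which Magento stores encrypted values, which lets you audit after step 5 that no row in any table, third-party ones included, still references the invalidated key index; and the HMAC-MD5 keyed with the current encryption key that names product image cache directories, which is why those names change with the key and what the old-to-new mapping for the symlinks in step 7 looks like. The key strings, table rows and resize parameter string are constructed samples, not values from a real store.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the 'crypt' => ['key' => ...] entry in app/etc/env.php:
# keys are newline-separated there; the last one is current, earlier ones are old.
ENV_KEYS = [
    "0123456789abcdef0123456789abcdef",  # index 0: exposed key, now invalidated
    "fedcba9876543210fedcba9876543210",  # index 1: new key appended by the rotation
]
CURRENT_KEY_INDEX = len(ENV_KEYS) - 1

def parse_envelope(value):
    """Split a stored value into (key_index, cipher_version, raw_bytes). Magento
    writes 'keyIndex:cipherVersion:base64'; legacy 'cipherVersion:base64' (key 0)
    and 'keyIndex:cipherVersion:iv:base64' forms also occur."""
    parts = value.split(":", 3)
    if len(parts) == 4:
        key_idx, cipher, _iv, payload = parts
    elif len(parts) == 3:
        key_idx, cipher, payload = parts
    elif len(parts) == 2:
        key_idx, (cipher, payload) = 0, parts
    else:
        raise ValueError("unsupported envelope: %r" % value)
    return int(key_idx), int(cipher), base64.b64decode(payload)

def find_stale_rows(rows):
    """(table, id) of every value still encrypted under a non-current key; after a
    complete rotation this must be empty for third-party tables too."""
    return [(table, row_id) for table, row_id, value in rows
            if parse_envelope(value)[0] != CURRENT_KEY_INDEX]

def cache_dir_name(resize_params, key):
    """Image cache directories are named by an HMAC-MD5 of the resize parameters
    keyed with the current encryption key, so every name changes on rotation."""
    return hmac.new(key.encode(), resize_params.encode(), hashlib.md5).hexdigest()

def symlink_plan(param_sets):
    """Map old cache directory name -> new name for the symlinks created before
    the old directories are replaced."""
    old_key, new_key = ENV_KEYS[0], ENV_KEYS[CURRENT_KEY_INDEX]
    return {cache_dir_name(p, old_key): cache_dir_name(p, new_key) for p in param_sets}

# Constructed rows; payloads are filler bytes, not real ciphertext.
SAMPLE_ROWS = [
    ("core_config_data", 12, "1:3:" + base64.b64encode(b"a" * 44).decode()),
    ("vendor_payment_token", 7, "0:3:" + base64.b64encode(b"b" * 44).decode()),
    ("oauth_token", 3, "3:" + base64.b64encode(b"c" * 44).decode()),
]
```

Running find_stale_rows over a dump of every column the module re-encrypted is a cheap post-rotation check; the exact resize parameter string Magento hashes is not reproduced here, only the keyed construction.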

Conclusion

The Encryption Key Rotation Module simplifies the key rotation process, helps you stay secure, and avoids complications. Whether you’re handling third-party module data, re-encrypting TFA values, or updating image cache directories, this module provides a smooth, reliable solution.

For more details, check out the module on GitHub.

Best Worlds Featured in Klaviyo’s Developer Showcase

As one of Klaviyo’s first certified Systems Integrators, Best Worlds has been working on advanced engineering projects involving Klaviyo for years. Recently, Klaviyo featured our relationship and work in their Developer Showcase to highlight some of the advanced things partners are doing with Klaviyo. We’re honored to have our work highlighted by Klaviyo and appreciate the opportunity to share some of our learnings with the developer community.

You can read the full article here:
Klaviyo Developer Showcase – Best Worlds


Advanced A/B Test: 16.8% Revenue Lift From Implementing Klevu on Great Lakes Skipper

Through our ongoing conversion rate optimization work with Great Lakes Skipper, we theorized that certain visitors might not be finding the hard-to-find boat parts they were looking for because of substitute part numbers or other information that wasn’t always being found by the existing search engine powering their website. As a Klevu partner we had seen other cases where the advanced AI and deep product data indexing produced a lift. But like all things we recommend and evaluate, we wanted assurance that the cost of the service would represent solid ROI for our partner. This analysis can be tough if you don’t have a way to truly test a service against what’s already in place, because the metrics you would be tracking – things like per-session value and search-assisted revenue – are always fluctuating on their own anyway.


Best Worlds Launches Managed Klaviyo Integration for the Wine Direct Ecommerce Platform

Best Worlds has partnered with Wine Direct – the leading provider of ecommerce and DTC solutions for wineries – to offer a managed Klaviyo integration to its 2000+ wineries. The solution allows for advanced synchronization of wine club lists, tasting room bookings, point of sale orders and ecommerce orders with Klaviyo.


Removing PII from Google Adwords and Remarketing using Google Tag Manager

Sending PII (personally identifiable information) to Google Analytics, Adwords or Remarketing can get your Google account suspended. A common scenario is for an email address to be passed in the query string by a CRM or Email Service Provider. But what if you need that to happen for business reasons, so it’s not an option to suppress the inclusion of that data getting passed in to your website?