Troubleshooting
Quick Diagnosis
# Check container status
docker ps | grep encryption
# Check recent logs
docker logs encryption-patterns --tail 50 2>&1 | grep -i error
# Test multi-field encryption
curl -X POST http://localhost:8080/transactions \
-H "Content-Type: application/json" \
-d '{"card": "4532123456789010", "ssn": "123-45-6789", "email": "[email protected]"}'
Common Issues
Wrong key used for field type
Cause: Key selection logic not matching field
# Check which keys are being used
docker logs encryption-patterns --tail 20 2>&1 | grep key_
Fix: Verify key selection in mapping:
root.card_encrypted = this.card.encrypt_aes("${PAYMENT_KEY}")
root.ssn_encrypted = this.ssn.encrypt_aes("${PII_KEY}")
Key rotation failing
Cause: Old key not available for re-encryption
Fix: Always keep previous key versions accessible:
# Support both old and new keys during rotation
root.decrypted = this.ciphertext.decrypt_aes("${NEW_KEY}")
.catch(this.ciphertext.decrypt_aes("${OLD_KEY}"))
Analytics fields not preserved
Cause: Derived fields deleted during encryption
Fix: Extract analytics-safe data before encrypting:
root.last_four = this.card.slice(-4)
root.email_domain = this.email.split("@").index(1)
root.card = this.card.encrypt_aes("${KEY}")
root.email = this.email.encrypt_aes("${KEY}")
Compliance audit failures
Cause: Missing encryption metadata for audit trail
Fix: Add encryption metadata to every encrypted field:
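# Encrypt first, then wrap the ciphertext with its audit metadata
let encrypted_value = this.card.encrypt_aes("${KEY}")
root.card_encrypted = {
  "ciphertext": $encrypted_value,
  "key_id": "${KEY_ID}",
  "encrypted_at": now(),
  "algorithm": "AES-256-GCM"
}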
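An offline check for the four issues above, as an added example that is not part of the original page or the product's own tooling: it audits pipeline output records for wrong key IDs, missing audit metadata, dropped analytics fields and leftover plaintext. The key IDs `payment-key-v1` and `pii-key-v1`, the `ssn_encrypted` envelope and the sample records are assumptions constructed for illustration.

```python
import json
import re

# Assumed policy (constructed key IDs): the key each encrypted field must use.
EXPECTED_KEY = {"card_encrypted": "payment-key-v1", "ssn_encrypted": "pii-key-v1"}
REQUIRED_META = ("ciphertext", "key_id", "encrypted_at", "algorithm")
ANALYTICS_FIELDS = ("last_four", "email_domain")
# Plaintext shapes matching the test transaction: 16-digit card number, SSN.
PLAINTEXT = {"card number": re.compile(r"\b\d{16}\b"),
             "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b")}

def audit_record(record):
    """Return a list of findings for one pipeline output record."""
    findings = []
    for field, want_key in EXPECTED_KEY.items():
        envelope = record.get(field)
        if not isinstance(envelope, dict):
            findings.append(f"{field}: missing metadata envelope")
            continue
        for meta in REQUIRED_META:
            if not envelope.get(meta):
                findings.append(f"{field}: missing {meta}")
        key_id = envelope.get("key_id")
        if key_id and key_id != want_key:
            findings.append(f"{field}: wrong key {key_id}")
    for name in ANALYTICS_FIELDS:
        if name not in record:
            findings.append(f"{name}: analytics field not preserved")
    # Search everything except ciphertext values for leftover plaintext.
    text = json.dumps({k: {m: x for m, x in v.items() if m != "ciphertext"}
                       if isinstance(v, dict) else v for k, v in record.items()})
    for label, pattern in PLAINTEXT.items():
        if pattern.search(text):
            findings.append(f"plaintext {label} present in output")
    return findings

def sample_envelope(key_id):  # constructed envelope in the shape shown above
    return {"ciphertext": "q83vEjRWeJA=", "key_id": key_id,
            "encrypted_at": "2024-01-01T00:00:00Z", "algorithm": "AES-256-GCM"}

# Constructed sample records, not real pipeline output.
GOOD = {"card_encrypted": sample_envelope("payment-key-v1"),
        "ssn_encrypted": sample_envelope("pii-key-v1"),
        "last_four": "9010", "email_domain": "example.com"}
BAD = {"card_encrypted": sample_envelope("pii-key-v1"),  # PII key on a payment field
       "ssn": "123-45-6789",                             # SSN left in plaintext
       "last_four": "9010"}                              # email_domain dropped
if __name__ == "__main__":
    print({"GOOD": audit_record(GOOD), "BAD": audit_record(BAD)})
```

An empty list means the record passes; each finding names the field and the issue it maps to.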
Still stuck?
- Add debug logging:
logger: {level: DEBUG}
- Check the Complete Pipeline for reference config
- Review Enforce Schema for validation patterns