Scratch Org From Snapshot - Copied with failing Connected App, but without certificates

[pkozuchowski]

Summary

When scratch org is created from Scratch Org Snapshot, new scratch org contains Connected App. Any interaction with this app leads to Internal Server Error

At the same time, the scratch org is not copied with certificates, which I think provides value compared to Connected App:

• When you are building project that relies on external API and authorize through JWT, you have to generate private key in Salesforce and upload public key in the API platform. It's a problem for scratch orgs, since they are temporary and either you have to spam API team with new public keys for every scratch org, or have exportable cert on long living org and import that.
  If snapshot were copied with certs, the process becomes trivial - we are setting up certificate on snapshot and all scratch orgs are good to go right away. It's much safer, because the private keys is never touched by human hands.

Steps To Reproduce

1. Create Scratch org which will be used as snapshot
2. Create Connected App
3. Create Self-Signed Certificate
4. Create scratch org snapshot from this org
5. Create new scratch org from the snapshot
6. Observe that it has Connected App and it's failing with internal error and certificate is gone.

[github-actions]

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.

[github-actions]

Hello @pkozuchowski 👋 It looks like you didn't include the full Salesforce CLI version information in your issue.
Please provide the output of version --verbose --json for the CLI you're using (sf or sfdx).

A few more things to check:

• Make sure you've provided detailed steps to reproduce your issue.
  • A repository that clearly demonstrates the bug is ideal.
• Make sure you've installed the latest version of Salesforce CLI. (docs)
  • Better yet, try the rc or nightly versions. (docs)
• Try running the doctor command to diagnose common issues.
• Search GitHub for existing related issues.

Thank you!

[pkozuchowski]

FYI: Due to remote desktop policies, I cannot upgrade node, so I'm skipping tech details section - otherwise bot will close my issue.
This occurs on latest SF CLI version and I doubt node has anything to do with the issue :)

[github-actions]

We have determined that the issue you reported exists in code owned by another team that uses only the official support channels. To ensure that your issue is addressed, open an official Salesforce customer support ticket with a link to this issue. We encourage anyone experiencing this issue to do the same to increase the priority. We will keep this issue open for the community to collaborate on.

[iowillhoit]

Hey @pkozuchowski, the CLI team does not have any control over what is copied in a snapshot. This is likely a question for the Signup and ISV Tools team. You can open a Salesforce Support Case with these details and suggest that team to assignment.

If you do open a case, please share the ID here in this issue so that others with the same question could reference it in the future. Thanks!