generated from coop-cloud/example
SECRET_KEY is generated with incorrect length #12
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Steps to reproduce:
abra app new outline
abra app deploy outline
Expected:
Actual:
�2023-04-22T00:11:09.611179000Z {"error":"Invalid key length","stack":"UnauthorizedError: Invalid key length\n at AuthenticationError (/opt/outline/build/server/errors.js:38:34)\n at accountProvisioner (/opt/outline/build/server/commands/accountProvisioner.js:118:43)\n at runMicrotasks (<anonymous>)\n at processTicksAndRejections (node:internal/process/task_queues:96:5)","level":"error","message":"Error during authentication"}
This seems to be because SECRET_KEY should be 32 characters, but abra generates a 64-character secret. Maybe changing to
length=32
is enough?Changing
secret_key
to length 32 doesn't solve the problem for me, I still get the exact same error msg.I also tried length=16, then I got:
So I guess the length of secret_key is not the issue.
@iexos maybe you tried already, but you'd need to regenerate secrets (
abra app secret rm ...
,abra app secret generate ...
) after changing this, and possibly also drop volumes (abra app volume rm -A ...
).Are you able to check what the current length of the secret key is, e.g.
abra app run <domain> app cat /run/secrets/secret_key | wc -c
?Yes i did remove and regenerate with different key sizes, and also completely removed the app. Just tried now again:
Also tried reducing the utils_secret to 32 chars and upgrading to newest image
outlinewiki/outline:0.69.2
, no change.I'm using Authentik, maybe this is about some key that is returned? I also tried changing the key sizes within Authentik provider, no change.
Got it to work now.
SECRET_KEY
has to be in hex format, i.e. likeopenssl rand -hex 32
. Canabra
do that?Ah great call, yes, that rings a bell. No, I think abra's current secret generation only does alphanumeric secrets - race you to a feature request in coop-cloud/organising