You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I apologize that I didn't have the presence of mind to open this issue when I still had the error and stack trace in front of me, but I figured I'd at least open it in retrospect.
I didn't define datastore_crypto_key in values.yaml so it fell back to conf/datastore_crypto_key.yaml. For some reason it failed to generate the key, error message randBytes is not defined.
Solution
I worked around it by generating it myself using openssl rand -hex 32 and defining it in datastore_crypto_key.
Hopefully this helps someone!
The text was updated successfully, but these errors were encountered:
In order for the datastore_crypto_key generation to work, you need to use helm v3.5.0 (released January 2021) or newer.
The datastore_crypto_key generation was carefully crafted to match how StackStorm's st2-generate-symmetric-crypto-key script generates it.
If you can't use the helm-based generation, then please follow this section in the docs to generate a key: https://docs.stackstorm.com/datastore.html#securing-secrets-admin-only
And then put the contents of datastore_key.json in your values at st2.datastore_crypto_key.
NOTE: you should not need to run openssl rand ... to do this. openssl rand ... is incomplete and probably will not work in when StackStorm tries to load it to encrypt and decrypt keys.
You can do this on any ST2 installation, including in a vagrant box.
I apologize that I didn't have the presence of mind to open this issue when I still had the error and stack trace in front of me, but I figured I'd at least open it in retrospect.
Environment:
[email protected]
Helm version:
3
Chart version:
0.80.0
Problem
I didn't define
datastore_crypto_key
invalues.yaml
so it fell back toconf/datastore_crypto_key.yaml
. For some reason it failed to generate the key, error messagerandBytes is not defined
.Solution
I worked around it by generating it myself using
openssl rand -hex 32
and defining it indatastore_crypto_key
.Hopefully this helps someone!
The text was updated successfully, but these errors were encountered: