invalid token for credentials file 500: Internal Server Error

Hi I configured my secret with base64 file as mentioned in the article here:

https://github.com/1password/onepassword-operator

The connect-sync is working well as in the log below:
{"log_message":"(I) local attr version for vault v75lhm4jjpihdk6jqk5ciefmsu matches remote, nothing to do","timestamp":"2021-08-13T17:07:16.726031589Z","level":3}
{"log_message":"(I) local access version for vault v75lhm4jjpihdk6jqk5ciefmsu matches remote, nothing to do","timestamp":"2021-08-13T17:07:16.726039299Z","level":3}
{"log_message":"(I) local content version mismatch for vault v75lhm4jjpihdk6jqk5ciefmsu, remote: 7, local: 0, starting content sync...","timestamp":"2021-08-13T17:07:16.726134229Z","level":3}
{"log_message":"(I) fetching batch for v75lhm4jjpihdk6jqk5ciefmsu with version 0","timestamp":"2021-08-13T17:07:16.726190179Z","level":3}
{"log_message":"(I) writing 4 items for vault v75lhm4jjpihdk6jqk5ciefmsu","timestamp":"2021-08-13T17:07:16.824288819Z","level":3}
{"log_message":"(I) writing vault content version 7 for v75lhm4jjpihdk6jqk5ciefmsu","timestamp":"2021-08-13T17:07:16.826629207Z","level":3}
{"log_message":"(I) ### sync complete ###","timestamp":"2021-08-13T17:07:16.826959769Z","level":3}
{"log_message":"(I) syncing files","timestamp":"2021-08-13T17:07:16.826986839Z","level":3}
{"log_message":"(I) Re-authenticated successfully","timestamp":"2021-08-13T17:07:17.578443015Z","level":3}

But when I try to request the APIs I got the error below:
{"log_message":"(I) GET /v1/vaults/v75lhm4jjpihdk6jqk5ciefmsu","timestamp":"2021-08-13T18:13:38.404274548Z","level":3,"scope":{"request_id":"bbd05abb-f67d-4f47-ad67-cc15037f0ce0"}}
{"log_message":"(I) finding and decrypting credentials","timestamp":"2021-08-13T18:13:38.404693619Z","level":3,"scope":{"request_id":"db46f17b-7d52-4b68-83f6-d4393523479d","jti":"33qcqmw3sxyg5zv6tvgq4mejn4"}}
{"log_message":"(E) Server: (invalid token for credentials file), Wrapped: (failed to detect localAuth version), Wrapped: (failed to Unmarshal credentials file data into map), json: cannot unmarshal string into Go value of type map[string]interface {}","timestamp":"2021-08-13T18:13:38.40481103Z","level":1,"scope":{"request_id":"db46f17b-7d52-4b68-83f6-d4393523479d","jti":"33qcqmw3sxyg5zv6tvgq4mejn4"}}
{"log_message":"(I) GET /v1/vaults/v75lhm4jjpihdk6jqk5ciefmsu completed (500: Internal Server Error)","timestamp":"2021-08-13T18:13:38.40491411Z","level":3,"scope":{"request_id":"db46f17b-7d52-4b68-83f6-d4393523479d","jti":"33qcqmw3sxyg5zv6tvgq4mejn4"}}

This is the return of the "/health" is OK too:
{ "name": "1Password Connect API", "version": "1.3.1", "dependencies": [ { "service": "sqlite", "status": "ACTIVE", "message": "Connected to /home/opuser/.op/data/1password.sqlite" }, { "service": "account_data", "status": "AVAILABLE", "message": "Account data is available" }, { "service": "sync", "status": "ACTIVE" }, { "service": "1Password", "status": "UNINITIALIZED", "message": "Make a request with a valid bearer token to initialize" } ]}

What´s wrog with this configuration? I made in my local computer with https://localhost:8080 and works well, but in my Kubernetes cluster maybe there´s something missing....


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:invalid token for credentials file

Comments

  • Jillian_1PJillian_1P

    Team Member

    Hi there,

    It looks like there is an issue with your credentials file. Can you validate that the credentials data stored in the op-credentials secret is what we would expect. That is, if we run kc get secret op-credentials -o json, the data field for 1password-credentials.json returns the string from your credentials file encoded twice (once automatically by Kubernetes secrets, and once by encoding them in the encoding step in the operator documentation.)

    If you are having issues base64 encoding the credentials file, you can also try deploying the operator and connect using our helm chart, as the helm chart will handle this for you.

  • Hi there.

    I find out a workround using this command below.
    kubectl create secret generic op-credentials --from-file=1password-credentials.json -n op-connect

    But I have no solution to configure the secret in my yaml file:


    apiVersion: v1
    kind: Secret
    metadata:
    name: op-credentials
    namespace: op-connect
    labels:
    security: generic
    type: Opaque
    stringData:
    1password-credentials.json: |
    "blablablablalbalba"

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file