LoadLocalAuthV2 failed to credentialsDataFromBase64

7ieroc

Hello folks.

I've deployed a Connect Server and the connect-api is having the error:

{"log_message":"(E) Server: (unable to get credentials and initialize API, retrying in 30s), Wrapped: (failed to FindCredentialsUniqueKey), Wrapped: (failed to loadCredentialsFile), Wrapped: (LoadLocalAuthV2 failed to credentialsDataFromBase64), illegal base64 data at input byte 0","timestamp":"2022-07-05T19:55:41.177187902Z","level":1}

I'm using the OP_SESSION environment variable to appoint to my 1password-credentials.json file. (https://developer.1password.com/docs/connect/connect-server-configuration#environment-variables)

Any ideas about what must be causing this error?

Thank you!

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Jillian_1P

Hi there!

I suspect something is wrong with your connect token. Can you verify that your Connect token is correct, and make sure no characters are missing from copy/paste etc ?

jsclayton

Posting my findings in case anyone else stumbles upon the same error.

tl;dr the 1password-credentials.json file needs to be double base64 encoded in the secret data! 🤦🏻‍♂️

Context: I'm using ArgoCD to bootstrap my cluster, so I'm manually creating the secrets before deploying the Connect server. I can't use the --from-file argument since Argo is doing the Helm deployment, not me. The clue was in the helm chart - specifically that the credentials content was being set as stringData, not data, and was being base64 encoded. From the docs, values from the stringData fields get base64 encoded into the data fields when the secret is created! Jackpot!

I'm struggling to figure out how to clarify this in the docs. I think what's causing the confusion is that the default secret key is 1password-credentials.json, but it's decoded contents are expected to be encoded JSON, not raw JSON. Would that be considered a bug or is that as designed?