Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
Former Member
4 years agoLoadLocalAuthV2 failed to credentialsDataFromBase64
Hello folks.
I've deployed a Connect Server and the connect-api is having the error:
{"log_message":"(E) Server: (unable to get credentials and initialize API, retrying in 30s), Wrapped: (failed to FindCredentialsUniqueKey), Wrapped: (failed to loadCredentialsFile), Wrapped: (LoadLocalAuthV2 failed to credentialsDataFromBase64), illegal base64 data at input byte 0","timestamp":"2022-07-05T19:55:41.177187902Z","level":1}
I'm using the OP_SESSION environment variable to appoint to my 1password-credentials.json file. (https://developer.1password.com/docs/connect/connect-server-configuration#environment-variables)
Any ideas about what must be causing this error?
Thank you!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
2 Replies
- Former Member
Posting my findings in case anyone else stumbles upon the same error.
tl;dr the
1password-credentials.json
file needs to be double base64 encoded in the secret data! 🤦🏻♂️Context: I'm using ArgoCD to bootstrap my cluster, so I'm manually creating the secrets before deploying the Connect server. I can't use the
--from-file
argument since Argo is doing the Helm deployment, not me. The clue was in the https://github.com/1Password/connect-helm-charts/blob/main/charts/connect/templates/connect-credentials.yaml#L14 - specifically that the credentials content was being set asstringData
, notdata
, and was being base64 encoded. From the https://kubernetes.io/docs/concepts/configuration/secret/#restriction-names-data, values from thestringData
fields get base64 encoded into thedata
fields when the secret is created! Jackpot!I'm struggling to figure out how to clarify this in the docs. I think what's causing the confusion is that the default secret key is
1password-credentials.json
, but it's decoded contents are expected to be encoded JSON, not raw JSON. Would that be considered a bug or is that as designed? - Former Member
Hi there!
I suspect something is wrong with your connect token. Can you verify that your Connect token is correct, and make sure no characters are missing from copy/paste etc ?