Forum Discussion

Former Member's avatar
Former Member
3 years ago

LoadLocalAuthV2 failed to credentialsDataFromBase64

Hello folks.

I've deployed a Connect Server and the connect-api is having the error:

{"log_message":"(E) Server: (unable to get credentials and initialize API, retrying in 30s), Wrapped: (failed to FindCredentialsUniqueKey), Wrapped: (failed to loadCredentialsFile), Wrapped: (LoadLocalAuthV2 failed to credentialsDataFromBase64), illegal base64 data at input byte 0","timestamp":"2022-07-05T19:55:41.177187902Z","level":1}

I'm using the OP_SESSION environment variable to appoint to my 1password-credentials.json file. (https://developer.1password.com/docs/connect/connect-server-configuration#environment-variables)

Any ideas about what must be causing this error?

Thank you!

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

secrets management

2 Replies

Sort By
  • Former Member's avatar
    Former Member
    3 years ago

    Posting my findings in case anyone else stumbles upon the same error.

    tl;dr the 1password-credentials.json file needs to be double base64 encoded in the secret data! 🤦🏻‍♂️

    Context: I'm using ArgoCD to bootstrap my cluster, so I'm manually creating the secrets before deploying the Connect server. I can't use the --from-file argument since Argo is doing the Helm deployment, not me. The clue was in the https://github.com/1Password/connect-helm-charts/blob/main/charts/connect/templates/connect-credentials.yaml#L14 - specifically that the credentials content was being set as stringData, not data, and was being base64 encoded. From the https://kubernetes.io/docs/concepts/configuration/secret/#restriction-names-data, values from the stringData fields get base64 encoded into the data fields when the secret is created! Jackpot!

    I'm struggling to figure out how to clarify this in the docs. I think what's causing the confusion is that the default secret key is 1password-credentials.json, but it's decoded contents are expected to be encoded JSON, not raw JSON. Would that be considered a bug or is that as designed?

  • Former Member's avatar
    Former Member
    3 years ago

    Hi there!

    I suspect something is wrong with your connect token. Can you verify that your Connect token is correct, and make sure no characters are missing from copy/paste etc ?