Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
LoadLocalAuthV2 failed to credentialsDataFromBase64
Hello folks.
I've deployed a Connect Server and the connect-api is having the error:
{"log_message":"(E) Server: (unable to get credentials and initialize API, retrying in 30s), Wrapped: (fail...
Posting my findings in case anyone else stumbles upon the same error.
tl;dr the 1password-credentials.json file needs to be double base64 encoded in the secret data! 🤦🏻♂️
Context: I'm using ArgoCD to bootstrap my cluster, so I'm manually creating the secrets before deploying the Connect server. I can't use the --from-file argument since Argo is doing the Helm deployment, not me. The clue was in the https://github.com/1Password/connect-helm-charts/blob/main/charts/connect/templates/connect-credentials.yaml#L14 - specifically that the credentials content was being set as stringData, not data, and was being base64 encoded. From the https://kubernetes.io/docs/concepts/configuration/secret/#restriction-names-data, values from the stringData fields get base64 encoded into the data fields when the secret is created! Jackpot!
I'm struggling to figure out how to clarify this in the docs. I think what's causing the confusion is that the default secret key is 1password-credentials.json, but it's decoded contents are expected to be encoded JSON, not raw JSON. Would that be considered a bug or is that as designed?
