I'm following the quick start guide for docker compose on Windows 10.
I think the version of the docs changed during the time I was setting it up, as the old version pipelines the setup asgit clone https://github.com/Infisical/infisical && cd infisical && copy .env.example .env && docker compose -f docker-compose.prod.yml up, which set up the databases with the default encryption keys, then said to change the keys in .env afterwards.
In both versions, the docs just link to envars docs which implies that you can just change the keys in the .env file at any time to generate a new database encrypted with the new keys. But changing the encryption keys in .env after initial database setup causes infisical to fail to start up with a "Unsupported state or unable to authenticate data" error.
The only way I've been able to change the encryption keys so far is to delete the containers, images, and volumes related to infisical in Docker Desktop, and run docker compose up with the desired keys in .env to rebuild the entire system from scratch. I didn't see any other way in documentation or browsing online.
change the encryption and authentication keys in .env
docker-compose -f docker-compose.prod.yml up
Expected behavior
Documentation for .env key variables that shows how a new database with new keys is created, or how existing databases could be re-keyed.
Or key variable documentation which explicitly explains that the process for changing keys is deleting the docker volumes and rebuilding, because there currently is no process to create a new database with different keys or re-key a database after the initialization process.
@ExistentialTedium thank you for the feedback, we really appreciate you taking time to write this out. We'll have the docs reflect this in our up coming sprint
Describe the bug
I'm following the quick start guide for docker compose on Windows 10.
I think the version of the docs changed during the time I was setting it up, as the old version pipelines the setup as
git clone https://github.com/Infisical/infisical && cd infisical && copy .env.example .env && docker compose -f docker-compose.prod.yml up
, which set up the databases with the default encryption keys, then said to change the keys in .env afterwards.In both versions, the docs just link to envars docs which implies that you can just change the keys in the .env file at any time to generate a new database encrypted with the new keys. But changing the encryption keys in .env after initial database setup causes infisical to fail to start up with a "Unsupported state or unable to authenticate data" error.
The only way I've been able to change the encryption keys so far is to delete the containers, images, and volumes related to infisical in Docker Desktop, and run
docker compose up
with the desired keys in .env to rebuild the entire system from scratch. I didn't see any other way in documentation or browsing online.To Reproduce
Steps to reproduce the behavior:
Expected behavior
Documentation for .env key variables that shows how a new database with new keys is created, or how existing databases could be re-keyed. Or key variable documentation which explicitly explains that the process for changing keys is deleting the docker volumes and rebuilding, because there currently is no process to create a new database with different keys or re-key a database after the initialization process.
Platform you are having the issue on:
Windows 10