Error: The OTP is invalid

[Hacksore]

Hi trying to use the docker image and figure this repo has more traction that CI images one.

So I am attempt to run this:

 docker run -it --env-file .env --rm ghcr.io/sslcom/codesigner:latest sign \
  -input_file_path=/codesign/examples/codesign.ps1 \
  -override=true -malware_block=false

With an .env like this:

USERNAME="redacted"
PASSWORD="redacted"
CREDENTIAL_ID="redacted"
TOTP_SECRET="redacted" # 52 char string copied from the dashboard

but I get:

Run CodeSigner
Running ESigner.com CodeSign Action

Something Went Wrong. Please try again.
Error: The OTP is invalid

But if I omit the totp then it will prompt me and entering a valid one the sign will go through successfully. Is there something im doing horrible wrong, advice greatly appreciated.

[Hacksore]

I see this article https://www.ssl.com/how-to/automate-esigner-ev-code-signing/ mentions the following scenarios where it can fail.

If you get the error message, Error: invalid otp when attempting to sign a file with automation, it could be caused by one or more of these issues:

• The TOTP secret in the command is associated with a different user account and/or certificate than indicated by the login credentials and credential ID specified.
• The TOTP secret in the command is otherwise invalid.
• Your system time is not synchronized with a reliable time server. The TOTP algorithm depends on your computer’s time closely matching the signing server’s.

[Hacksore]

Case closed, I was copying the secret value from 1password and it seems to be formatted/encoded differently.

I copied the secret value from the dashboard of ssl.com and all is working now!