semaphoreui / semaphore

Modern UI and powerful API for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools.
https://semaphoreui.com
MIT License
10.74k stars 1.07k forks

Problem:SEMAPHORE_ ACCESS_KEY_ENCRYPTION not used? #2228

Open Sombeyyy opened 4 months ago

Sombeyyy commented 4 months ago

Issue

I noticed that in the generated config.json the correct value for "access_key_encryption" is not set when using the variable "SEMAPHORE_ACCESS_KEY_ENCRYPTION" or "SEMAPHORE_ACCESS_KEY_ENCRYPTION_FILE" in Docker. Each time the container is restarted, this file is recreated and a new key appears, but never the one that should be specified by variable. Am I missing something here?

Set key for "SEMAPHORE_ACCESS_KEY_ENCRYPTION" using "head -c32 /dev/urandom | base64" is for example: RnwTG9roEdPuytSwrcZq+d/e0fkTCE+Zwq3BPCELCKY=

Value set in config.json when container is running: "q4/suQltMirKJ10QAmollfRHVSo3907eBx+PP8FJH+Y=" (changes after restarting the container)

Impact

Docker

Installation method

Docker

Database

Postgres

Browser

Chrome, Microsoft Edge

Semaphore Version

v2.10.22-e44910d-1721658561

Ansible Version

No response

Logs & errors

No response

Manual installation - system information

No response

Configuration

No response

Additional information

No response

sonor3000 commented 4 months ago

I use SEMAPHORE_ACCESS_KEY_ENCRYPTION in my docker-compose.yml file. Is the issue solved if you use this name for the variable?

Sombeyyy commented 4 months ago

There is a spelling mistake in the ticket, sorry. I use SEMAPHORE_ACCESS_KEY_ENCRYPTION or SEMAPHORE_ACCESS_KEY_ENCRYPTION_FILE. Both do not seem to work.

JLBIZ commented 3 months ago

Hi there, I had a similar/same issue.

Actually semaphore does not seem to care about the value of access_key_encryption in your config.json. It seems to be sufficient to have an environment variable SEMAPHORE_ACCESS_KEY_ENCRYPTION available in the docker container. You could check in your docker container if the environment variable is set correctly.

In my case, I just messed up the docker environment file (stack.env), where I had a section that looked like below. This led to the environment variable not being set in the container.

SEMAPHORE_ACCESS_KEY_ENCRYPTION=${SEMAPHORE_ACCESS_KEY_ENCRYPTION}

I replaced the section with

SEMAPHORE_ACCESS_KEY_ENCRYPTION=${ENCRYPTION_KEY}

and set the ENCRYPTION_KEY from Portainer.

Now the SEMAPHORE_ACCESS_KEY_ENCRYPTION variable is also set inside of the docker container and semaphore is not losing its encryption key after the container is rebuilt.
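
The check suggested in the comment above ("check in your docker container if the environment variable is set correctly"), written out as an added example; it is not part of the thread and not Semaphore's own code. The function names, the 32-byte expectation (taken from the `head -c32 /dev/urandom | base64` command in the issue) and the order in which the variable and its `_FILE` variant are read are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): helper names are hypothetical.

# Short SHA-256 prefix so two key values can be compared without printing them.
key_fingerprint() {
    printf '%s' "$1" | sha256sum | cut -c1-12
}

# Print a verdict for one key value; return 0 only if it looks usable.
check_key() {
    key=$1
    [ -n "$key" ] || { echo "unset-or-empty"; return 1; }
    case $key in
        # A value still containing "${" was never substituted.
        *'${'*) echo "unexpanded-placeholder"; return 1 ;;
    esac
    printf '%s' "$key" | base64 -d >/dev/null 2>&1 || { echo "not-base64"; return 1; }
    # Assumption: 32 bytes, matching "head -c32 /dev/urandom | base64" in the issue.
    len=$(printf '%s' "$key" | base64 -d | wc -c | tr -d ' ')
    [ "$len" -eq 32 ] || { echo "decodes-to-$len-bytes"; return 1; }
    echo "ok fingerprint=$(key_fingerprint "$key")"
}

# Check what this environment provides. Assumption: the plain variable
# is preferred over the _FILE variant.
check_env() {
    if [ -n "${SEMAPHORE_ACCESS_KEY_ENCRYPTION:-}" ]; then
        check_key "$SEMAPHORE_ACCESS_KEY_ENCRYPTION"
    elif [ -r "${SEMAPHORE_ACCESS_KEY_ENCRYPTION_FILE:-}" ]; then
        check_key "$(cat "$SEMAPHORE_ACCESS_KEY_ENCRYPTION_FILE")"
    else
        check_key ""
    fi
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_env
fi
```

Comparing the fingerprint printed inside the container with `key_fingerprint` run on the value found in config.json shows whether the two keys match without exposing either one.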