My organization is running version 8.4.2 of SonarQube Developer Edition in a Container and version 2.7.1 of the SonarScanner for Bamboo (trial).
We wish to configure LDAP authentication for our SQ DE Container. I am trying to encrypt the LDAP password as well as a other sensitive data for inclusion in sonar.properties. I am following the steps in https://docs.sonarqube.org/latest/instance-administration/security/. I do the following:
generate the secret key
save the key to /root/.sonar/sonar-secret.txt on the container
change file ownership to sonarqube:sonarqube, ensure read only
restart the SonarQube Server by clicking “Restart Server” button under Administration > System (I also tried docker stop sonarqube && docker start sonarqube).
After logging in again to SonarQube and returning to Administration > Configuration > Encryption, the UI does not display the “Secret key is registered. You can encrypt any propery value…” message. Instead, the UI again displays “Generate secret key”.
Can someone share with me which step(s) I am missing?
I am still doing something wrong. I have added the line
sonar.secretKeyPath=/root/.sonar/sonar-secret.txt
to
/opt/sonarqube/conf/sonar.properties
and then issued
docker restart sonarqube.
After logging in again, I go back to Administration > Configuration > Encryption, and the UI shows just the “Generate Secret Key” button, and not the expected “Generate the encrypted values of your settings” UI, as described in https://docs.sonarqube.org/latest/instance-administration/security/ .
EDIT: The issue is resolved. Placing sonar-secret.txt at the default location of /root/.sonar/sonar-secret.txt did not work. After I moved the file to /opt/sonarqube/sonar-secret.txt and restarted the container, the UI displays the window for entering sensitive data for encryption. Thanks.
Great that this is working now for you. i could imagine as sonarqube is running as a dedicated user in the container that this user could not access anything in /root/.
Just to summarize:
Placing the sonar-secret.txt in /root/ did not work (probably due to filesystem permissions), but putting it in $SONAR_HOME so /opt/sonarqube/ in the case of working with docker, works as intended.