SonarQube DE Container - Unable to Encrypt Values (cannot get past "Generate secret key" step)

My organization is running version 8.4.2 of SonarQube Developer Edition in a Container and version 2.7.1 of the SonarScanner for Bamboo (trial).

We wish to configure LDAP authentication for our SQ DE Container. I am trying to encrypt the LDAP password as well as other sensitive data for inclusion in sonar.properties. I am following the steps in https://docs.sonarqube.org/latest/instance-administration/security/. I do the following:

  • generate the secret key
  • save the key to /root/.sonar/sonar-secret.txt on the container
  • change file ownership to sonarqube:sonarqube, ensure read only
  • restart the SonarQube Server by clicking “Restart Server” button under Administration > System (I also tried docker stop sonarqube && docker start sonarqube).

After logging in again to SonarQube and returning to Administration > Configuration > Encryption, the UI does not display the “Secret key is registered. You can encrypt any property value…” message. Instead, the UI again displays “Generate secret key”.

Can someone share with me which step(s) I am missing?

Hi @leweri and welcome to the community

If you want to put the key in this location, you need to specify it either via

sonar.secretKeyPath=/root/.sonar/sonar-secret.txt

or via the representative env variable

SONAR_SECRETKEYPATH=/root/.sonar/sonar-secret.txt

btw: there is a docker restart command, so you don’t have to docker stop sonarqube && docker start sonarqube

Hope that helps

Hi @Tobias_Trabelsi,

Thank you for the reply.

I am still doing something wrong. I have added the line

sonar.secretKeyPath=/root/.sonar/sonar-secret.txt

to

/opt/sonarqube/conf/sonar.properties

and then issued

docker restart sonarqube.

After logging in again, I go back to Administration > Configuration > Encryption, and the UI shows just the “Generate Secret Key” button, and not the expected “Generate the encrypted values of your settings” UI, as described in https://docs.sonarqube.org/latest/instance-administration/security/ .

EDIT: The issue is resolved. Placing sonar-secret.txt at the default location of /root/.sonar/sonar-secret.txt did not work. After I moved the file to /opt/sonarqube/sonar-secret.txt and restarted the container, the UI displays the window for entering sensitive data for encryption. Thanks.

Great that this is working now for you. I could imagine that, as SonarQube is running as a dedicated user in the container, this user could not access anything in /root/.
Just to summarize:
Placing the sonar-secret.txt in /root/ did not work (probably due to filesystem permissions), but putting it in $SONAR_HOME (so /opt/sonarqube/ in the case of working with Docker) works as intended.

That’s correct, /root/.sonar/sonar-secret.txt did not work (even though I did change ownership with chown -R sonarqube:sonarqube /root/.sonar/).

But the filepath /opt/sonarqube/sonar-secret.txt did work.
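
Added example (not part of the thread and not SonarQube code): a path walk that reports the first component a service account cannot pass on the way to the key file. It shows why changing ownership of /root/.sonar/ alone would not help if /root itself is owner-only, as the reply above suspects. The function names, the uid and the temporary directory tree are constructed for illustration; group membership stands in for ownership because the sample tree is built without privileges, and ACLs and symlinks are not modelled.

```python
import os
import stat
import tempfile
from pathlib import Path

KEY = "sonar-secret.txt"


def first_blocker(target, uid, gids, root="/"):
    """Return (path, reason) for the first component of `target` (resolved
    under `root`) that uid/gids cannot pass, or None if the file is readable.
    Only owner/group/other mode bits are used: no ACLs, no uid 0 bypass."""
    current = Path(root)
    parts = Path(target).relative_to("/").parts
    for i, part in enumerate(parts):
        current = current / part
        st = os.stat(current)
        last = i == len(parts) - 1
        # Directories need search (x); the key file itself needs read (r).
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        need = (stat.S_IROTH if last else stat.S_IXOTH) << shift
        if not st.st_mode & need:
            kind = "read" if last else "search"
            mode = stat.S_IMODE(st.st_mode)
            return "/" + "/".join(parts[:i + 1]), f"no {kind} bit, mode {mode:04o}"
    return None


def build_constructed_tree(base):
    """Constructed stand-in for the container filesystem (not the real image):
    root/ is owner-only, opt/ is group-searchable, both keys are mode 0440."""
    base = Path(base)
    for rel, mode in (("root", 0o700), ("root/.sonar", 0o750),
                      ("opt", 0o750), ("opt/sonarqube", 0o750)):
        (base / rel).mkdir()
        (base / rel).chmod(mode)
    for rel in ("root/.sonar", "opt/sonarqube"):
        key = base / rel / KEY
        key.write_text("constructed-placeholder\n")
        key.chmod(0o440)
    return {p.stat().st_gid for p in base.rglob("*")}  # owning group(s)


def demo():
    with tempfile.TemporaryDirectory() as base:
        gids = build_constructed_tree(base)
        uid = os.getuid() + 1000  # hypothetical service account, not the owner
        return {p: first_blocker(p, uid, gids, root=base)
                for p in (f"/root/.sonar/{KEY}", f"/opt/sonarqube/{KEY}")}
```

Calling `demo()` returns one entry per key path; pointing `first_blocker` at a real filesystem only needs the account's numeric uid and group ids (for example from `id` inside the container).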
