Must-share information (formatted with Markdown):
- Sonarqube verion 9.9 CE in kubernetes cluster
- encrypt JDBC password. using the generated secret key
- I followed the instruction from
and generated new secret which I added into my sonar.properties file, I restarted the pod and can see the page where I should be able to encrypt anything which I need to
However when I click on Encrypt, it say contact admin and print error message in the log as below
java.lang.IllegalStateException: java.security.InvalidKeyException: Invalid AES key length: 6 bytes
I have tried passing various lengths for this field but still get the same error, so not sure what am I missing.
I created a secret and config map to create the sonar.properties file, which will point to the
$ cat sonar.properties
And I can see the base64 secret key
base64 -i /opt/sonar/sonar-secret.txt ab4iof70djuGCo--------CqWHxeq435FXSK5Ommg=
Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!
What does the content of /opt/sonar/sonar-secret.txt look like? It should look exactly like the content of the secret key you generated (nothing else).
Yes it is the secret key which I copied from sonarqube UI and then added to the secret which is stored in this path
base64 -i /opt/sonar/sonar-secret.txt
To be clear:
ab4iof70djuGCoO3ZI0n6XgMCqWHxeq435FXSK5Ommg= is the output of
base64 -i /opt/sonar/sonar-secret.txt, but you aren’t actually using
ab4iof70djuGCoO3ZI0n6XgMCqWHxeq435FXSK5Ommg= anywhere, right?
No, I just copied it from sonarqube encrypt UI and added it to the secret and it not being used anywhere else as far as I am aware.
My understanding was that once this key is added to sonar-secret.txt, I will get the option to encrypt any property like jdbc password and I do get that option in the UI but the moment I enter anything in the UI and say encrypt it throws that error complaining about the length of the AES key, so not sure what wrong am I doing
I found the solution, so the secret key generated from sonarqube, looked like base64 so I did not base64 encoded it while adding into the secret. After I encoded the secret to base64, it worked and I dont get any error anymore… it was silly mistake on my part
I’m a bit perplexed because the raw secret from the SonarQube UI should be all you need to add to the file. No Base64 encoding.
Did you have to do something else than what was seen in my screenshot?
It may sound bit weird but, I tested it 2-3 times now and unless I do base64 conversion it does not work.
Here is my secret now, which is not what you get from sonrqube UI
base64 -i /opt/sonar/sonar-secret.txt (I replaced few characters)
Is having encrypted password inside /opt/sonarqube/conf/sonar.properties file enough like below?
or do I need to change my deployment to forcefully read it again from this file?
Yes, that should be enough.
Thanks, seems to work now.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.