
I'm trying to get gossip encryption enabled on a local cluster running the bitnami/consul image.

I have created the containers with the `CONSUL_GOSSIP_ENCRYPTION: 'true'` and `CONSUL_GOSSIP_ENCRYPTION_KEY` environment variables, but all I ever get is this error:

```
2020-10-29T11:00:32.089Z [ERROR] agent: Error starting agent: error="Failed to configure keyring: Invalid key: key size must be 16, 24 or 32 bytes"
2020-10-29T11:00:32.089Z [INFO] agent: Exit code: code=1
```

I'm using `consul keygen` for the encryption key, which is what the documentation says to use.

  • Prior to Consul 1.6, `consul keygen` generated a 16 byte key. After 1.6.0, it now generates a 32 byte key. Either should be compatible. Could you share the CONSUL_GOSSIP_ENCRYPTION_KEY value, and the Docker command you're using to pass in that value? – Blake Covarrubias Oct 29 '20 at 16:36
  • So to generate the key I ran: `docker run --name consul bitnami/consul:1.8.5 consul keygen` The key itself: `CONSUL_GOSSIP_ENCRYPTION_KEY: '+E4j3IU9Blv0aGDFEX2LJ2p3h47oBTJztY0eB9SgYzE='` – mike brennan Oct 29 '20 at 17:30
  • I’m able to get this working when passing the environment variables in via `docker run -e` or editing the compose file. Would you mind providing the exact command you’re using to start docker from the CLI, or the exact compose file you’re using so that we can better identify if there are errors in the syntax? – Blake Covarrubias Oct 29 '20 at 17:53
  • I'm running it on a local kind kubernetes cluster. So the `CONSUL_GOSSIP_ENCRYPTION_KEY` is passed as an environment variable to the container. – mike brennan Oct 29 '20 at 17:57
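
The error above is about the decoded length of the key, so a useful check is to decode the value exactly as the container process receives it. The following is an added example, not part of the thread or of Consul or the bitnami image; `check_gossip_key` is a hypothetical helper, and the sample values are constructed shapes a value can take on its way into an environment variable, not a diagnosis of the poster's setup.

```python
import base64
import binascii

# Key sizes accepted according to the agent's error message on this page.
VALID_SIZES = (16, 24, 32)

def check_gossip_key(raw):
    """Return (ok, reason) for a gossip key value as the process sees it."""
    if raw != raw.strip():
        return False, "leading or trailing whitespace/newline in value"
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return False, "value is still wrapped in literal quote characters"
    try:
        key = base64.b64decode(raw, validate=True)
    except binascii.Error as exc:
        return False, f"not valid base64: {exc}"
    if len(key) not in VALID_SIZES:
        return False, f"decodes to {len(key)} bytes, need one of {VALID_SIZES}"
    return True, f"decodes to {len(key)} bytes"

# Constructed sample values (not real keys).
GOOD_32 = base64.b64encode(bytes(range(32))).decode()   # shape of a 32-byte key
GOOD_16 = base64.b64encode(bytes(range(16))).decode()   # shape of a 16-byte key
SAMPLES = {
    "clean 32-byte key": GOOD_32,
    "clean 16-byte key": GOOD_16,
    "trailing newline": GOOD_32 + "\n",
    "literal quotes kept": "'" + GOOD_32 + "'",
    # The key text base64-encoded a second time decodes back to 44 characters.
    "encoded twice": base64.b64encode(GOOD_32.encode()).decode(),
}

def run_samples():
    """Map each sample name to its (ok, reason) result."""
    return {name: check_gossip_key(value) for name, value in SAMPLES.items()}

if __name__ == "__main__":
    for name, (ok, reason) in run_samples().items():
        print(f"{'OK ' if ok else 'BAD'} {name}: {reason}")
```

To test a live value, pass the variable as read inside the container (for example `os.environ["CONSUL_GOSSIP_ENCRYPTION_KEY"]`) rather than the value from the manifest.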

0 Answers