secretOrPrivateKey is not valid key material #20485

Closed
talinkb opened this issue Nov 20, 2023 · 3 comments

talinkb commented Nov 20, 2023

Describe the Bug

When trying to log in to my locally hosted Directus instance I get an "Unexpected Error". After checking the logs through Docker, I can see that this is the message that's being returned whenever I try to log in:

2023-11-20 17:53:55 [16:53:54.830] ERROR: secretOrPrivateKey is not valid key material
2023-11-20 17:53:55 err: {
2023-11-20 17:53:55 "type": "Error",
2023-11-20 17:53:55 "message": "secretOrPrivateKey is not valid key material",
2023-11-20 17:53:55 "stack":
2023-11-20 17:53:55 Error: secretOrPrivateKey is not valid key material
2023-11-20 17:53:55 at module.exports [as sign] (/directus/node_modules/.pnpm/jsonwebtoken@9.0.1/node_modules/jsonwebtoken/sign.js:115:24)

I've changed nothing to do with my Directus setup, and the Nuxt app that's accessing it (which is also locally hosted) is still able to get data.

To Reproduce

I'm not sure how to reproduce it because I changed absolutely nothing about the setup and it was working perfectly until a couple of hours ago

Directus Version

10.7.1

Hosting Strategy

Self-Hosted (Docker Image)

rijkvanzanten (Member) commented

Did you set or change the SECRET environment variable? Sounds like that's either undefined or an unexpected type 🤔

talinkb commented Nov 21, 2023

I set it to 84...68 (10 digits), and it worked perfectly, and I haven't changed anything since then

azrikahar (Contributor) commented

it was working perfectly until a couple of hours ago

@talinkb since you have shared it over here in a public space, I would highly recommend you to change that SECRET for security purposes 👍


Perhaps there was a Directus upgrade? The secretOrPrivateKey is not valid key material error is specific to the jsonwebtoken package ever since jsonwebtoken v9: https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9#secrets-public-keys-and-private-keys-must-contain-valid-key-material

and Directus has upgraded to that version back in Directus v9.22.2 via #16875 so you should likely have faced said error much earlier unless you were on an older version until recently, if I'm not mistaken.

If you would still like to use numbers as your SECRET value, you can prepend string: in front, such as string:<your previous secret> to cast it as string, which is an acceptable type for Node crypto's createSecretKey used under the hood in jsonwebtoken.

Understandably, a SECRET that is entirely made of numbers shouldn't be cast as a number, but we'll track this together in #9521.

azrikahar closed this as not planned (won't fix, can't repro, duplicate, stale) on Nov 21, 2023
github-actions bot locked as resolved and limited conversation to collaborators on Jan 31, 2024
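
The failure and the `string:` workaround described in the last comment, as an added Node.js example that is not part of the thread and is not Directus or jsonwebtoken code. `castEnvValue`, `loadSigningKey` and `checkSecret` are hypothetical names, the casting rule is a simplified assumption, and the sample values are constructed.

```javascript
// Added example: a simplified model, not Directus or jsonwebtoken source.
const { createSecretKey } = require('node:crypto');

// Hypothetical stand-in for env type casting (assumption): digit-only values
// become numbers unless the "string:" prefix from the thread forces a string.
function castEnvValue(raw) {
  if (raw.startsWith('string:')) return raw.slice('string:'.length);
  if (/^\d+$/.test(raw)) return Number(raw);
  return raw;
}

// Build an HMAC key with Node's createSecretKey. Strings are passed as bytes;
// a number is rejected because it is not valid key material.
function loadSigningKey(rawEnvValue) {
  const secret = castEnvValue(rawEnvValue);
  const material =
    typeof secret === 'string' ? Buffer.from(secret, 'utf8') : secret;
  try {
    return { ok: true, type: typeof secret, key: createSecretKey(material) };
  } catch (err) {
    return { ok: false, type: typeof secret, error: err.code };
  }
}

// Startup check: surface the problem before the first login attempt hits it.
function checkSecret(rawEnvValue) {
  if (rawEnvValue === undefined) return 'SECRET is not set';
  const result = loadSigningKey(rawEnvValue);
  if (!result.ok) {
    return `SECRET was cast to ${result.type}; prefix it with "string:"`;
  }
  return 'ok';
}

// Constructed sample values (not the secret posted in the thread).
const samples = ['0123456789', 'string:0123456789', 'correct-horse-battery'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', checkSecret(s));
}
```

Besides failing the key check, the numeric cast would also drop the leading zero of the first sample, so the value used would no longer be the one that was configured.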