Hello,
I encounter a problem when I want to identify myself, I use the login and password that was provided during the initalization of the database, however when I indicate the correct login Error Authentication Failed.
I set gcpckms KMS and disable.
Below you can find the error logs and the controller configuration.
Is there anyone who has already encountered this problem, or would be able to help me
______________Log ____________
{“id”:“eunuPLtAKK”,“source”:“https://hashicorp.com/boundary/control",“specversion”:“1.0”,“type”:“error”,“data”:{“error”:"kms.(RootKeyVersion).Decrypt: error occurred during decrypt, encryption issue: error #301: error unwrapping value: failed to decrypt envelope: rpc error: code = InvalidArgument desc = Decryption failed: verify that ‘name’ refers to the correct CryptoKey.”,“error_fields”:{“Code”:301,“Msg”:"",“Op”:“kms.(RootKeyVersion).Decrypt”,“Wrapped”:{}},“id”:“e_nL39yDFJS”,“version”:“v0.1”,“op”:“kms.(RootKeyVersion).Decrypt”,“request_info”:{“id”:“gtraceid_0wvHBkuqgfDYgU6hXvGd”,“method”:“POST”,“path”:"/v1/auth-methods/ampw_bb4568RtzJ:authenticate"}},“datacontentype”:“application/cloudevents”,“time”:“2021-12-22T17:01:25.325557552+01:00”}
{“id”:“11xS7jYsiV”,“source”:“https://hashicorp.com/boundary/control",“specversion”:“1.0”,“type”:“error”,“data”:{“error”:"kms.(Repository).ListRootKeyVersions: error decrypting key num 0: kms.(RootKeyVersion).Decrypt: error occurred during decrypt, encryption issue: error #301: error unwrapping value: failed to decrypt envelope: rpc error: code = InvalidArgument desc = Decryption failed: verify that ‘name’ refers to the correct CryptoKey.”,“error_fields”:{“Code”:301,“Msg”:“error decrypting key num 0”,“Op”:“kms.(Repository).ListRootKeyVersions”,“Wrapped”:{“Code”:301,“Msg”:"",“Op”:“kms.(RootKeyVersion).Decrypt”,“Wrapped”:{}}},“id”:“e_nL39yDFJS”,“version”:“v0.1”,“op”:“kms.(Repository).ListRootKeyVersions”,“request_info”:{“id”:“gtraceid_0wvHBkuqgfDYgU6hXvGd”,“method”:“POST”,“path”:"/v1/auth-methods/ampw_bb4568RtzJ:authenticate"}},“datacontentype”:“application/cloudevents”,“time”:“2021-12-22T17:01:25.326452654+01:00”}
{“id”:“7B0lE09h34”,“source”:“https://hashicorp.com/boundary/control",“specversion”:“1.0”,“type”:“error”,“data”:{“error”:"kms.loadRoot: error looking up root key versions for scope global with key ID projects/test/locations/global/keyRings/test-key/cryptoKeys/worker-auth1/cryptoKeyVersions/1: kms.(Repository).ListRootKeyVersions: error decrypting key num 0: kms.(RootKeyVersion).Decrypt: error occurred during decrypt, encryption issue: error #301: error unwrapping value: failed to decrypt envelope: rpc error: code = InvalidArgument desc = Decryption failed: verify that ‘name’ refers to the correct CryptoKey.”,“error_fields”:{“Code”:301,“Msg”:“error looking up root key versions for scope global with key ID projects/test/locations/global/keyRings/test-key/cryptoKeys/worker-auth1/cryptoKeyVersions/1”,“Op”:“kms.loadRoot”,“Wrapped”:{“Code”:301,“Msg”:“error decrypting key num 0”,“Op”:“kms.(Repository).ListRootKeyVersions”,“Wrapped”:{“Code”:301,“Msg”:"",“Op”:“kms.(RootKeyVersion).Decrypt”,“Wrapped”:{}}}},“id”:“e_nL39yDFJS”,“version”:“v0.1”,“op”:“kms.loadRoot”,“request_info”:{“id”:“gtraceid_0wvHBkuqgfDYgU6hXvGd”,“method”:“POST”,“path”:"/v1/auth-methods/ampw_bb4568RtzJ:authenticate"}},“datacontentype”:“application/cloudevents”,“time”:“2021-12-22T17:01:25.327365656+01:00”}
{“id”:“DCqog4SKKH”,“source”:“https://hashicorp.com/boundary/control",“specversion”:“1.0”,“type”:“error”,“data”:{“error”:"kms.GetWrapper: error loading root key for scope global: kms.loadRoot: error looking up root key versions for scope global with key ID projects/test/locations/global/keyRings/test-key/cryptoKeys/worker-auth1/cryptoKeyVersions/1: kms.(Repository).ListRootKeyVersions: error decrypting key num 0: kms.(RootKeyVersion).Decrypt: error occurred during decrypt, encryption issue: error #301: error unwrapping value: failed to decrypt envelope: rpc error: code = InvalidArgument desc = Decryption failed: verify that ‘name’ refers to the correct CryptoKey.”,“error_fields”:{“Code”:301,“Msg”:“error loading root key for scope global”,“Op”:“kms.GetWrapper”,“Wrapped”:{“Code”:301,“Msg”:“error looking up root key versions for scope global with key ID projects/test/locations/global/keyRings/test-key/cryptoKeys/worker-auth1/cryptoKeyVersions/1”,“Op”:“kms.loadRoot”,“Wrapped”:{“Code”:301,“Msg”:“error decrypting key num 0”,“Op”:“kms.(Repository).ListRootKeyVersions”,“Wrapped”:{“Code”:301,“Msg”:"",“Op”:“kms.(RootKeyVersion).Decrypt”,“Wrapped”:{}}}}},“id”:“e_nL39yDFJS”,“version”:“v0.1”,“op”:“kms.GetWrapper”,“request_info”:{“id”:“gtraceid_0wvHBkuqgfDYgU6hXvGd”,“method”:“POST”,“path”:"/v1/auth-methods/ampw_bb4568RtzJ:authenticate"}},“datacontentype”:“application/cloudevents”,“time”:“2021-12-22T17:01:25.328152858+01:00”}
{“id”:“3sHJvhWrWX”,“source”:“https://hashicorp.com/boundary/control",“specversion”:“1.0”,“type”:“error”,“data”:{“error”:"password.(Repository).Authenticate: unable to get database wrapper: encryption issue: error #300: kms.GetWrapper: error loading root key for scope global: kms.loadRoot: error looking up root key versions for scope global with key ID projects/test/locations/global/keyRings/test-key/cryptoKeys/worker-auth1/cryptoKeyVersions/1: kms.(Repository).ListRootKeyVersions: error decrypting key num 0: kms.(RootKeyVersion).Decrypt: error occurred during decrypt, encryption issue: error #301: error unwrapping value: failed to decrypt envelope: rpc error: code = InvalidArgument desc = Decryption failed: verify that ‘name’ refers to the correct CryptoKey.”,“error_fields”:{“Code”:300,“Msg”:“unable to get database wrapper”,“Op”:“password.(Repository).Authenticate”,“Wrapped”:{“Code”:301,“Msg”:“error loading root key for scope global”,“Op”:“kms.GetWrapper”,“Wrapped”:{“Code”:301,“Msg”:“error looking up root key versions for scope global with key ID projects/test/locations/global/keyRings/test-key/cryptoKeys/worker-auth1/cryptoKeyVersions/1”,“Op”:“kms.loadRoot”,“Wrapped”:{“Code”:301,“Msg”:“error decrypting key num 0”,“Op”:“kms.(Repository).ListRootKeyVersions”,“Wrapped”:{“Code”:301,“Msg”:"",“Op”:“kms.(RootKeyVersion).Decrypt”,“Wrapped”:{}}}}}},“id”:“e_nL39yDFJS”,“version”:“v0.1”,“op”:“password.(Repository).Authenticate”,“request_info”:{“id”:“gtraceid_0wvHBkuqgfDYgU6hXvGd”,“method”:“POST”,“path”:"/v1/auth-methods/ampw_bb4568RtzJ:authenticate"}},“datacontentype”:“application/cloudevents”,“time”:“2021-12-22T17:01:25.328879859+01:00”}
{“id”:“OPcWax7tz7”,“source”:“https://hashicorp.com/boundary/control",“specversion”:“1.0”,“type”:“error”,“data”:{“error”:"password.(Repository).Authenticate: unable to get database wrapper: encryption issue: error #300: kms.GetWrapper: error loading root key for scope global: kms.loadRoot: error looking up root key versions for scope global with key ID projects/test/locations/global/keyRings/test-key/cryptoKeys/worker-auth1/cryptoKeyVersions/1: kms.(Repository).ListRootKeyVersions: error decrypting key num 0: kms.(RootKeyVersion).Decrypt: error occurred during decrypt, encryption issue: error #301: error unwrapping value: failed to decrypt envelope: rpc error: code = InvalidArgument desc = Decryption failed: verify that ‘name’ refers to the correct CryptoKey.”,“error_fields”:{“Code”:300,“Msg”:“unable to get database wrapper”,“Op”:“password.(Repository).Authenticate”,“Wrapped”:{“Code”:301,“Msg”:“error loading root key for scope global”,“Op”:“kms.GetWrapper”,“Wrapped”:{“Code”:301,“Msg”:“error looking up root key versions for scope global with key ID projects/test/locations/global/keyRings/test-key/cryptoKeys/worker-auth1/cryptoKeyVersions/1”,“Op”:“kms.loadRoot”,“Wrapped”:{“Code”:301,“Msg”:“error decrypting key num 0”,“Op”:“kms.(Repository).ListRootKeyVersions”,“Wrapped”:{“Code”:301,“Msg”:"",“Op”:“kms.(RootKeyVersion).Decrypt”,“Wrapped”:{}}}}}},“id”:“e_nL39yDFJS”,“version”:“v0.1”,“op”:“handlers.ErrorHandler”,“request_info”:{“id”:“gtraceid_0wvHBkuqgfDYgU6hXvGd”,“method”:“POST”,“path”:"/v1/auth-methods/ampw_bb4568RtzJ:authenticate"},“info”:{“msg”:“internal error returned”}},“datacontentype”:“application/cloudevents”,“time”:“2021-12-22T17:01:25.32960266+01:00”}
{“id”:“LFYmhXJDyC”,“source”:“https://hashicorp.com/boundary/control",“specversion”:“1.0”,“type”:“observation”,“data”:{“latency-ms”:88.937483,“request_info”:{“id”:“gtraceid_0wvHBkuqgfDYgU6hXvGd”,“method”:“POST”,“path”:"/v1/auth-methods/ampw_bb4568RtzJ:authenticate"},“start”:“2021-12-22T17:01:25.241377579+01:00”,“status”:500,“stop”:“2021-12-22T17:01:25.330314562+01:00”,“version”:“v0.1”},“datacontentype”:“application/cloudevents”,“time”:"2021-12-22T17:01:25.330367962+01:00”}
end__
______________Conf controller.hcl ________________
disable_mlock = true
controller {
name = “control”
database {
url = “postgresql://boundary:####@localhost/boundary”
}
}
listener “tcp” {
address = “192.168.1.28”
purpose = “api”
tls_disable = false
tls_min_version = “tls11”
tls_max_version = “tls12”
tls_cert_file = “/etc/boundary/ssl/snakeoil.pem”
tls_key_file = “/etc/boundary/ssl/snakeoil.key”
}
listener “tcp” {
address = “192.168.1.28”
purpose = “cluster”
tls_disable = false
}
kms “gcpckms” {
purpose = “root”
credentials = “/etc/boundary/key-cred.json”
project = “####”
region = “global”
key_ring = “####”
crypto_key = “worker-auth1”
}
kms “gcpckms” {
purpose = “worker-auth”
credentials = “/etc/boundary/key-cred.json”
project = “####”
region = “global”
key_ring = “####”
crypto_key = “worker-auth1”
}
kms “gcpckms” {
purpose = “recovery”
credentials = “/etc/boundary/key-cred.json”
project = “####”
region = “global”
key_ring = “####”
crypto_key = “worker-auth1”
}
end____