Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

HASURA_GRAPHQL_JWT_SECRET not working with RS256 in docker-compose

See original GitHub issue

From docker-compose.yaml HASURA_GRAPHQL_JWT_SECRET : ‘{“type”:“RS256”, “key”:“-----BEGIN PUBLIC KEY-----[mypublickey]-----END PUBLIC KEY-----”}’

Fatal Error: JWT conf: Error in $: Invalid JWK: Could not decode PEM: invalid PEM delimiter found

Am I doing something wrong?

Issue Analytics

State:
Created 5 years ago
Comments:17 (5 by maintainers)

Top GitHub Comments

8reactions

mkluehcommented, Nov 5, 2019

@ecthiender I agree, the key above is not in the PEM format, however I´ve tried the same with our PEM formatted key from the .pem file

      containers:
        - image: hasura/graphql-engine:v1.0.0-beta.9
          imagePullPolicy: IfNotPresent
          name: hasura
          env:
            - name: HASURA_GRAPHQL_DATABASE_URL
              value: postgres://hasura:[MASKED]@192.168.22.11:5432/masterdata
            - name: HASURA_GRAPHQL_ENABLE_CONSOLE
              value: "true"
            - name: HASURA_GRAPHQL_ENABLED_LOG_TYPES
              value: "startup, http-log, webhook-log, websocket-log, query-log"
            - name: HASURA_GRAPHQL_JWT_SECRET
              value: '{"type": "RS256","key": "-----BEGIN PUBLIC KEY-----
                                               MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7gtigpr8za0aY4pl5KVE
                                               93FPfwk9lfF9OX1QtMCP8fEm1aQL3SqNBlf+pRC2/TW0p5U5XcfFO/YLVMKzGpEG
                                               XD85SFyQbHUIoBswY6y4HswmeLA2/O+/Jo6guiPriXWpq4QS6arJgdCr+LGsphq3
                                               sY/Lxr8YOJWbCpM8UoR4foF580ixnfKSY41sHneTF9GwQyv1zt8uJ9MviBZpvCS1
                                               1wC7K81q0mPyM5QGBSdLDvTLizf4htOEQufRVzF7e4n2zFsnLXgmlyUFLRW/DOBV
                                               /lr1O7IO5WVRNf4M8x5pmtsG2dDJ9RBogx+s3cibkcwzPJuLd/Hru9CoCtMAEMnh
                                               7wIDAQAB
                                               -----END PUBLIC KEY-----","claims_namespace": "hasura","claims_format": "json"}'
          ports:
            - containerPort: 8080
              protocol: TCP
          resources: {}

I´ve tried that with spaces, with no spaces, as a single line without line breaks etc and it always produces

Fatal Error: JWT conf: Error in $: Invalid JWK: Could not decode PEM: invalid PEM delimiter found

EDIT:

Got it working now by changing a few things:

Added line breaks again
Changed the type to “RS512”
Added HASURA_GRAPHQL_ADMIN_SECRET

Thank you anyway 😃

 - name: HASURA_GRAPHQL_ADMIN_SECRET
              valueFrom:
                secretKeyRef:
                  name: hasura-secrets
                  key: hasura-admin-secret
            - name: HASURA_GRAPHQL_ENABLED_LOG_TYPES
              value: "startup, http-log, webhook-log, websocket-log, query-log"
            - name: HASURA_GRAPHQL_JWT_SECRET
              value: '{"type": "RS512","key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7gtigpr8za0aY4pl5KVE\n93FPfwk9lfF9OX1QTMCP8fEm1nOL3SqNBlf+pTC2/TW0p5U5XcfFO/YLPMKzGpEG\nXD85SFyQbHUIoBswY6y4HswneLA2/O+/Jo6guiPriXWpq4QS6arJgdCr+LGsphq3\nsY/Lxr2YOJWbCpM8UoR4foF580jxnfKSY41sHneTF9GwQyv1zt8uJ9MviBZpvCS1\n1wD7K81q0mPyM5QGBSdLIvTLirf4htOEQufRHzH7e4n2zFsnLXgmlyUFLRW/DOBV\n/lr1O7IO5WVRNf4M8x5pmtsG2dDJ9RBogx+s3cibkcwzPJuLd/Hru9CoCtMAEMnh\n7wIDAQAB\n-----END PUBLIC KEY-----","claims_namespace": "hasura","claims_format": "json"}'

5reactions

shahidhkcommented, Jan 3, 2019

@jakobrosenberg This is typically a quoting/newline error. Can you use https://hasura.io/jwt-config and generate the value with proper escaping etc. and try again?