Managing Encryption Secrets for Persistent Tokens in Plexus Application

Original Slack Thread

This message was deleted.

Hey there! :wave:

<@U06TM7M40RK> Can you help with the questions in this thread?

:information_source: Please continue to tag RunLLM (e.g <@U06TM7M40RK>) to have it continue generating responses!

It seems like you’re experiencing an issue where tokens are not persistent when you take down and bring up the Plexus application. This issue is likely related to the cryptographic keys used to encode and decode the tokens. When the application is restarted, if the cryptographic keys are regenerated, the previously generated tokens become invalid because the backend can no longer decode them correctly.

To address this issue, you need to ensure that the encryption secrets are persisted across deployments. Here are some steps you can follow:

  1. Persist Encryption Secrets: Ensure that the encryption secrets used by the application are persisted and not regenerated on each deployment. This can be configured in your deployment configuration files.

  2. Check Configuration: Verify that your configuration includes the necessary settings to persist the encryption secrets. For example, you can set the encryption secrets in your configuration file:

    plexus-application:
      encryption:
        secret: "your-encryption-secret"
    
  3. Environment Variables: Ensure that the environment variables related to encryption are set correctly in your deployment configuration. For example:

    PLEXUS_ENCRYPTION_SECRET=your-encryption-secret
    
  4. Use Upgrade Instead of Reinstall: If you are using a tool like Helm for deployment, consider using helm upgrade instead of helm delete and helm install to preserve the tokens.

Would you like more detailed steps or assistance with a specific part of this process?

Sources:

  • <Slack Thread on Personal Access Tokens> :+1: 0 button :-1: 0 button :light_bulb: Hint: Mention @runllm in the thread for followups.

Hi, how did my answer work out for you? Need any more assistance? You can also tag <@U07FV3UHE4D> to let your fellow community members know you’re still looking for guidance.

Hi :slight_smile: ! Did this interaction resolve your issue or do you still require assistance ?

Please tag @ RunLLM if you still need further assistance !

Or tag @Datahub Community Support if you require a person to take a look :slight_smile:

Hope this helps ! ><