Support

Secret Key Mismatch Error

Follow

Background

When RStudio Connect is installed, there is a "secret key" that is also installed in the background which is used for encrypted communication between the database and the application server. One half of this key is sent to the hard disk of your RStudio Connect application server, and the other half is sent to your database. 

When the database and the application server communicate, this key is checked to ensure that data is being sent to the correct place, as well as encrypted while in transit. If the key matches, then data is able to traverse between the RStudio Connect application server and the database.

If this key doesn't match, then an error will be presented and RStudio Connect will be inaccessible.

 

Problem

While trying to start the RStudio Connect service, you see an error that looks similar to this:

Error: Unable to initialize the database: Secret key mismatch between database and file; the database was previously used with a different secret key that began with: xxxxxxxxxxxx

 

Resolution

The first step to resolving this issue, you should perform the following:

  1. If you are using NFS, ensure that your NFS service starts BEFORE the RStudio Connect service.

To do this, you can edit the systemd unit file which can be found in /etc/systemd/system/rstudio-connect.service:

[Unit]
Description=RStudio Connect
After=network-online.target
Wants=network-online.target
RequiresMountsFor=/networkstorage/rstudio-connect
For example, if the DataDir was set to /networkstorage/rstudio-connect, run systemctl daemon-reload  to read the change, then restart the RStudio Connect service as below:
sudo systemctl restart rstudio-connect

        2. Confirm the location of your data directory: Server.DataDir - Is this correct and available from all nodes?

 

The key is usually located in the following directory:

/var/lib/rstudio-connect/db/secret.key

This file is used to initiate communication with the database, so if it is deleted, changed, or the permissions are such that it can't be read, the server will not be able to start. The first thing we would recommend is to try and find that file:

locate secret.key

If it is found, cat the file to see what the contents are and if the file contains what it should, as per the error message (file starts with xxxxxxxx). If it doesn't, then you will need to restore the key from a backup if you have one, or reset it (described later in this guide). If it does exist, check that the permissions are correct:

namei -mo <full file path>

If this is correct then you will need to reset it. Please note that any encrypted data you have in the database will be lost - examples of that are here:
https://docs.rstudio.com/connect/admin/appendix/cli/#examples_1

This should therefore only be done as a last resort. To reset the secret key, conduct the following:

  1. Stop Connect - sudo systemctl stop rstudio-connect
  2. Add the following lines to /etc/rstudio-connect/rstudio-connect.gcfg
[Database] 
ResetSecretKey = true
  1. Start Connect and wait until it's ready (you can load the initial page) - sudo systemctl start rstudio-connect
  2. Stop Connect - sudo systemctl stop rstudio-connect
  3. Remove the lines added to /etc/rstudio-connect/rstudio-connect.gcfg
  4. Restart Connect for normal operation - sudo systemctl restart rstudio-connect

This will enable you to access your RStudio Connect instance. I would suggest investigating this further internally with your organization as to what caused the original file to disappear. This file is created by RStudio Connect on the first install and isn't modified afterwards.

 

Support Ticket

If you still have issues after completing the above, you can always lodge a support ticket, where our group of friendly, and incredibly knowledgeable staff can assist with any issues that you may be having. You can submit a ticket here:

https://support.rstudio.com/hc/en-us/requests/new

 

Comments