1password connect no longer works : failed to Decrypt localAuthv2: Authentication failed, invalid bearer token

[iMartyn]

I have had to recreate my 1password connect + csi-secrets-store installation and it is not working at all where it was before :

Server: (unable to get credentials and initialize API, retrying in 30s), Wrapped: (failed to FindCredentials), failed to Decrypt localAuthv2: Authentication failed, invalid bearer token"

I recreated everything from scratch, including the token in the app, multiple times, but no matter what I do, 1password connect never syncs with 1password.

I wondered if it was the infamous double-base64-encoding again, but no, that's a different error.

It's as if 1password is just rejecting the tokens for no reason.

[martyn-meister]

I managed to get it working by using helm in a separate cluster and getting the secret from there. There is definitely a mess of stuff to deal with if you don't want to use the helm chart to render the secret (e.g. if you are using argo and that would expose the secret in the values to everyone who has cluster access).

[asteurer]

Were either of you able to solve this? I'm encountering the same error message. I attempted to delete and recreate the connect server, but that seems not to have solved the issue.

[asteurer]

I think I found the source of the problem. It looks like there might be some weird character things going on with the json credentials base64, so I added the -w 0 flag to the base64 command.

helm upgrade --install connect 1password/connect \
		--set connect.credentials_base64=$(echo $OP_CREDENTIALS_JSON | base64 -w 0) \
		--set operator.create=true \
		--set operator.token.value=$OP_CONNECT_TOKEN