Help us build a better product, earn the PaxPro Advocate badge: Six short questions, one cool badge.

Visit the official Paxata Documentation portal for all of your doc needs.

Invalid Keyseed Demystified

When starting paxata server, if you see invalid keyseed error such as:

com.paxata.encryption.PXEncryptionException: Invalid key seed for PES service

What does it mean? And how to resolve this?

Paxata relies on /usr/local/paxata/server/config/pes.properties as keyseed to encrypt/decrypt metadata in MongoDB. If this file is missing, then Paxata will not know how to decrypt the encrypted fields in MongoDB.

So the first step is to recover the pes.properties. Is it possible the locate the old pes.properties when paxata-server was fresh installed? It should be under /usr/local/paxata/server/config/ by default.

If that is not possible, that means existing encrypted fields, such as user password, can no longer be recovered. If you are okay to not using these existing users and existing connector configuration with passwords, then you can remove the guardrail check to prevent server from starting up.

command to remove the guardrail.

mongo

use paxata

db.guardraillimits.remove({guardRailTypeName: “guardrail.encryption.pes.keyseed”}) 
Sign In or Register to comment.