Private/public key generation for self-hosted openFN

Hello team,

I have tried using the production images, but i’m facing a challenge on private key public key on env file. How are this keys generated or do you already have predefined keys.?

1 Like

Hey @ibrahimwickama ! Great to see you on the forum :heart: .

Here’s the main docs on generating keys: Deployment — Lightning v2.6.3

And for worker keys in particular there’s a mix task (mix lightning.gen_worker_keys) that will do it for you.

Please let me know if this works.

1 Like

Hey @taylordowns2000

Thanks for the assist, am glad to say that has work great. Just bumped to another Error message for failure to decode PEM.

Any ideas on this…?

failure to decode PEM? oh man, may be beyond my expertise.

@stu , @elias , @rogerio , do you guys have ideas here?

i will look more tomorrow AM too. did you generate all those keys with the mix command? and did you pass them into the ENV?

here’s the line that’s complaining: lightning/config/runtime.exs at main · OpenFn/lightning · GitHub

looks like your key should be base64 encoded before you pass it into the WORKER_RUNS_PRIVATE_KEY environment variable.

hope this helps :pray:

1 Like

Yeah sure thing, the variables were included on .env with base64 key generated by the mix command outputs.


Thus after booting again now it yield’s the above new error faced.

Hope @stu , @elias may help shade some light.


Hrmm. “Could not decode PEM” is the result we get when

your_key_here |> Base.decode64(padding: false) returns :error.

The whole code block is doing this:

  |> Base.decode64(padding: false)
  |> case do
    {:ok, pem} -> pem
    :error -> raise "Could not decode PEM"

(src: lightning/config/runtime.exs, line 141-150)

So there is something about how that key is getting set as an environment variable that your system is not liking.

I just did a quick test: if I paste the base64 key that’s generated by the mix command into an interactive Elixir shell (iex) and pipe it into Base.decode64(padding: false) it works like a charm.

If, however, I have a space or a line break before or after the string it returns :error. I hope I’m not sending you on a wild goose chase, but could you possible double check that they key you’re setting as your WORKER_RUNS_PRIVATE_KEY is just the base64 string itself, no spaces or line breaks before or after?

Then two more things that might help debug (if this fails):

  1. What operating system are you using?
  2. Does your .env file look like this: WORKER_RUNS_PRIVATE_KEY="blahblahblahwithnospacesorlinebreaks"

Yeah, I have also tried this and it’s working fine.
@ibrahimwickama in addition to double checking spaces, you can also try getting rid of the quotes. i.e. WORKER_RUNS_PRIVATE_KEY=blahblah instead of "blahblah"

1 Like