Encryption key is invalid, Please check site_config.json on restore

With so few technical details from you, there is no way anyone can help you with that.

Are you the system manager?

@Khadija I do the same steps but the same error occur. Any alternative solutions?

gulp could you link your security issue please?

I have to say I agree. So far there doesn’t seem to be a way to check if your development will be accepted before you write it. So you could propose something, ask for a review, which doesn’t happen, develop & submit it and it gets rejected because they thought of a different way of doing it or don’t like it.

Can you please explain this one. I’m not able to understand what is encryption key here?
I enable the developer mode on, now I’m not able to open my local host.

Some services in ERPNext need to store sensitive items such as access tokens for Google, Facebook. etc.

All such things are stored encrypted.

The internal encryption system is unlocked by a single key.

That key is kept in this file:

.
├── apps
├── config
├── env
├── logs
├── patches.txt
├── Procfile
└─── sites
    ├── apps.txt
    ├── assets
    ├── common_site_config.json
    ├── currentsite.txt
    └── dev.erpnext.host
       ├── error-snapshots
       ├── indexes
       ├── locks
       ├── logs
       ├── private
       ├── public
       └── site_config.json  <===  critical site start up data

The contents of site_config.json look like this:

{
  "db_name": "_bdf39badcdead42ec90",
  "db_password": "ILCnhgnrheCRzjvC",
  "db_type": "mariadb",
  "domains": [                         the key
    "dev.erpnext.host"               **** | ****
  ],                                      v
  "encryption_key": "ikK6v8vzXT-5BwqmBfakedHl6oH5ARzSEDUxfh6ufbns=",
  "developer_mode": 1
}

You will not see “encryption_key” appear in that file until you have created some encrypted material, such as setting up connection to a 3rd party email service.

You’ll have to provide further details here before anyone can help you.

However, if you altered site_config.json incorrectly, that would stop your site from starting. You can confirm that it’s structure is valid here: Validate and format JSON

1 Like

Something like this needs to be surfaced somewhere better - an alert to the admin somewhere in the console besides the error console. This caused some serious issues for our company not realizing emails were not being sent out.

Suggestion would be to add the alert or follow up items/tasks for an admin user to see upon log in - such as on the version splash screen that shows there is an updated version available

I just got hit by this too, after moving ERPNext to another server.

Unfortunately for me, since the new server seems to be “just fine”, the previous server was wiped entirely.

Even https://docs.erpnext.com/docs/v13/user/manual/en/setting-up/data/download-backup did not mention a single “encryption” word.

Oh well, at least I’ve learned (even if too late).

1 Like

Easiest fix is that, passwords of all email accounts must be changed with newly generated.
To know exactly on which email account is having the problem, just make save the email domain. This will re-validate all checks and highlight which email account is having the problem.

According regenerate a new password and update in the email account.

In our case, only one user was affected by this. Every attemt at creating a new user with the same email failed. The solution was to delete the entries in table tabDefaultValue where the value in the column defkey matches username_otplogin and username_otpsecret

after that, the one time password can be reset and the user will work again. This may affect multiple users, in our case only one user was affected.

It happened after moving from one server to another. The site_config was not set up correctly and the affected user tried to login and tried to reset the OTP. This is where the false entry in the tabDefaultValue table was created. This entry was now locked to the wrong site_config. After restoring the site_config from the old server, this user was now unusable.

Maybe this will help someone!

1 Like

replace username with the correct username obviously :wink: