Backup error: The AWS Access Key Id you provided does not exist

Michael_Chudinov · November 4, 2021, 11:46pm

A secret is created in the same namespace xtradb where xtradb is running.

apiVersion: v1
kind: Secret
metadata:
  name: my-cluster-name-backup-s3
  namespace: xtradb
type: Opaque
data:
  AWS_ACCESS_KEY_ID: xxx
  AWS_SECRET_ACCESS_KEY: xxx

The backup is defined in values file like this referencing the S3 credentials in Kubernetes secret:

backup:
  enabled: true
  image: ""
  imagePullSecrets: []  
  pitr:
    enabled: false    
  storages:
    s3-storage:
      type: s3
      s3:
        bucket: test
        credentialsSecret: my-cluster-name-backup-s3
        region: default
        endpointUrl: https://test.s3
  schedule:
    - name: "daily-s3"
      schedule: "*/10 * * * *"
      keep: 5
      storageName: s3-storage

The following error then comes up

INFO: [SST script] + mc -C /tmp/mc config host add dest https://cgd.bf.object.osl.basefarm.net/ ACCESS_KEY_ID SECRET_ACCESS_KEY

INFO: [SST script] mc: <ERROR> Unable to initialize new alias from the provided credentials. The AWS Access Key Id you provided does not exist.

However when the backup is defined directly with the same access key and secret

  storages:
    s3-storage:
      type: s3
      s3:
        bucket: test
        credentialsAccessKey: xxx
        credentialsSecretKey: xxx
        region: default
        endpointUrl:  https://test.s3

backup works fine.

What is wrong with the created Kubernetes secret? What does it mean “The AWS Access Key Id you provided does not exist.” ?

Sergey_Pronin · November 5, 2021, 2:05pm

Hey @Michael_Chudinov ,

I tried to reproduce it, but it worked for me.

Are you encoding your keys with base64 in secret yaml manifest?

Michael_Chudinov · November 12, 2021, 9:17am

Yes secrets are encoded.
When I use the same secret base64 encoded strings directly in backup yaml definition everything works.

I substitute values when Helm chart installation and then backup works:

    --set backup.storages.s3-storage.s3.credentialsAccessKey=$XTRADB_BACKUP_S3_ACCESSKEY \
    --set backup.storages.s3-storage.s3.credentialsSecretKey=$XTRADB_BACKUP_S3_SECRETKEY

That might be troubles with HCP object storage we are using as S3-compatible storage.

Topic		Replies	Views
Auto-create buckets for S3 backup Percona Operator for MySQL	2	788	June 14, 2023
Check storage connection: storage: no init file, attempt to create failed: upload to S3: AccessDenied: Access Denied Percona Backup for MongoDB	4	970	July 27, 2023
Percona Operator XtraDB Backup Cron to Minio Fails to add credentials Percona Operator for MySQL	11	1779	April 16, 2021
AWS s3 backups with service account: "ERROR Storage credentials secret does not exist" Percona Operator for MongoDB closed-no-reply	0	190	May 14, 2024
Operator XtraDB Backup fails Percona XtraBackup	1	607	November 28, 2023

Backup error: The AWS Access Key Id you provided does not exist

Related topics