Backup error: The AWS Access Key Id you provided does not exist

A secret is created in the same namespace xtradb where xtradb is running.

apiVersion: v1
kind: Secret
metadata:
  name: my-cluster-name-backup-s3
  namespace: xtradb
type: Opaque
data:
  AWS_ACCESS_KEY_ID: xxx
  AWS_SECRET_ACCESS_KEY: xxx

The backup is defined in values file like this referencing the S3 credentials in Kubernetes secret:

backup:
  enabled: true
  image: ""
  imagePullSecrets: []  
  pitr:
    enabled: false    
  storages:
    s3-storage:
      type: s3
      s3:
        bucket: test
        credentialsSecret: my-cluster-name-backup-s3
        region: default
        endpointUrl: https://test.s3
  schedule:
    - name: "daily-s3"
      schedule: "*/10 * * * *"
      keep: 5
      storageName: s3-storage

The following error then comes up

INFO: [SST script] + mc -C /tmp/mc config host add dest https://cgd.bf.object.osl.basefarm.net/ ACCESS_KEY_ID SECRET_ACCESS_KEY

INFO: [SST script] mc: <ERROR> Unable to initialize new alias from the provided credentials. The AWS Access Key Id you provided does not exist.

However when the backup is defined directly with the same access key and secret

  storages:
    s3-storage:
      type: s3
      s3:
        bucket: test
        credentialsAccessKey: xxx
        credentialsSecretKey: xxx
        region: default
        endpointUrl:  https://test.s3

backup works fine.

What is wrong with the created Kubernetes secret? What does it mean “The AWS Access Key Id you provided does not exist.” ?

1 Like

Hey @Michael_Chudinov ,

I tried to reproduce it, but it worked for me.

Are you encoding your keys with base64 in secret yaml manifest?

1 Like

Yes secrets are encoded.
When I use the same secret base64 encoded strings directly in backup yaml definition everything works.

I substitute values when Helm chart installation and then backup works:

    --set backup.storages.s3-storage.s3.credentialsAccessKey=$XTRADB_BACKUP_S3_ACCESSKEY \
    --set backup.storages.s3-storage.s3.credentialsSecretKey=$XTRADB_BACKUP_S3_SECRETKEY 

That might be troubles with HCP object storage we are using as S3-compatible storage.

1 Like