How to define secret in config.php

oljas · March 12, 2021, 10:31am

Recently I have realized I don’t have ‘secret’ defined in config.php. This makes mail app unusable.
I dont recall setting secret or deleting it. Maybe it was never there. My oldest backup is one year old and there is no ‘secret’. Instance running since owncloud 7.
Just adding ‘secret’ to my config.php makes whole nextcloud unusable. I cannot login facing Internal Server Error.

Is there any proper way to define ‘secret’ in running installation?

ganto · November 5, 2022, 12:28pm

I have the same question. With the update to Nextcloud 25 the ‘secret’ is required to be defined to a non-empty value. But in my config.php initially created for Owncloud 4.0 this variable has an empty value. Obviously I’m not using file encryption via Nextcloud.

valery-el · November 13, 2022, 7:25am

I have the same problem when upgrading from 24.0.7 to 25.
Temporary solution (I can’t insert the command code, sorry):

save the next cloud directory (except data, if it is large)
download from Changelog - Nextcloud / archive with version 24 (wget https://download.nextcloud.com/server/releases/nextcloud-24.0.7.zip )
expand the archive
replace the files in the next cloud directory with the ones you downloaded
correct the line in config.php on ‘version’ => ‘24.0.7.1’,
it works!

I don’t know yet how to add ‘secret’ to upgrade to version 25.

devnull · November 13, 2022, 9:34am

Do you mean updater.secret? Link.

Hopefully correct HTML version if command line not possible:

<?php
$password = trim(substr(base64_encode(mt_rand()), 0, 47));
$hash = password_hash($password, PASSWORD_DEFAULT);
echo "hash: " . $hash . "<br>";
echo "password: " . $password . "<br>";
?>

valery-el · November 13, 2022, 1:35pm

No, I mean the secret parameter from config.php . I have had it empty since the deployment of the cloud, in version 25 it should be filled.

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html

"Defaults to false

‘secret’ => ‘’,

Secret used by Nextcloud for various purposes, e.g. to encrypt data. If you lose this string there will be data corruption."

bovender · November 18, 2022, 8:50pm

I experienced the same problem after upgrading from NC 24 to NC 25. It’s odd that the documentation is so sparse, given that not setting this variable prevents the software from running.

However, I was able to solve it by setting the secret variable in config.php to the output of:

openssl rand -hex 64

However, after doing this, I had to authenticate all my apps and devices to my Nextcloud instance again. Also, I had to delete any NC-related cookies in web browsers. So be prepared to spend some time after getting NC to run again…

bovender · November 19, 2022, 4:30pm

I should also add that after changing the value of the secret variable (in my case from '' to a random 64-character string), the Passwords app is unable to access any of the passwords. It is of course expected that it cannot do that after changing the secret.

The only way to access stored passwords would be to set secret = '' and downgrade to NC 24. I have not attempted to to that, because downgrading database-dependent apps is generally not a good thing. Also, restoring the passwords from one of the automatic backups that the Passwords app creates all the time won’t work. The secret is really key.

So for me, the way forward is to have my passwords reset on various websites. Luckily, I also have an ancient text-based password list from the era before I started to use Nextcloud.

Folks just should be aware that they won’t be able to access their data in the Passwords app after changing the secret.

valery-el · November 20, 2022, 1:38pm

Yes, this is not an option. While I’m living for 24, I’ll think about whether it’s worth going to replace all passwords or change the application itself.