'Unsupported cipher or incorrect key length' when using generated APP_KEY via docker compose #5026

New Issue

Closed

opened 2026-02-05 09:34:46 +03:00 by OVERLORD · 10 comments

OVERLORD commented 2026-02-05 09:34:46 +03:00

Owner

Copy Link

Originally created by @chaospheremk on GitHub (Oct 25, 2024).

Attempted Debugging

• I have read the debugging page

Searched GitHub Issues

• I have searched GitHub for the issue.

Describe the Scenario

The problem is that after a fresh install/setup of bookstack, I go to the bookstack URL I configured and see a header of "An Error Occurred" with the content under it showing "An unknown error occurred"

This is a fresh install of bookstack via docker-compose. I'm using mariadb as the mysql database. I did use the recommendation in the documentation to generate the APP_KEY with the following command docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey

This generates a 44 character APP_KEY. However, online documentation seems to indicate that it should be a 32 character key? I'm not entirely sure.

Other documentation suggests using php artisan key:generate and php artisan migrate but that appears to be for a manual install. I'm not sure how I would or could accomplish the same thing when installing via docker compose.

Exact BookStack Version

v24.10-ls170

Log Content

With APP_DEBUG not set to true:

Details

> [2024-10-25 15:02:24] production.ERROR: Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. {"exception":"[object] (RuntimeException(code: 0): Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. at /app/www/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:55)
> [stacktrace]
> #0 /app/www/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\\Encryption\\Encrypter->__construct()
> #1 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(908): Illuminate\\Encryption\\EncryptionServiceProvider->Illuminate\\Encryption\\{closure}()
> #2 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\\Container\\Container->build()
> #3 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\\Container\\Container->resolve()
> #4 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\\Foundation\\Application->resolve()
> #5 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\\Container\\Container->make()
> #6 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(1066): Illuminate\\Foundation\\Application->make()
> #7 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(982): Illuminate\\Container\\Container->resolveClass()
> #8 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(943): Illuminate\\Container\\Container->resolveDependencies()
> #9 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\\Container\\Container->build()
> #10 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\\Container\\Container->resolve()
> #11 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\\Foundation\\Application->resolve()
> #12 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\\Container\\Container->make()
> #13 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(255): Illuminate\\Foundation\\Application->make()
> #14 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(213): Illuminate\\Foundation\\Http\\Kernel->terminateMiddleware()
> #15 /app/www/public/index.php(56): Illuminate\\Foundation\\Http\\Kernel->terminate()
> #16 {main}

With APP_DEBUG set to true, I can go to the bookstack ip and see the following:

Error
RuntimeException
Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm.

Environment
PHP Version: 8.3.12
BookStack Version: v24.10

Stack Trace

Details

> #0 /app/www/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\Encryption\Encrypter->__construct()
> #1 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(908): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}()
> #2 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\Container\Container->build()
> #3 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\Container\Container->resolve()
> #4 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\Foundation\Application->resolve()
> #5 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\Container\Container->make()
> #6 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(1066): Illuminate\Foundation\Application->make()
> #7 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(982): Illuminate\Container\Container->resolveClass()
> #8 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(943): Illuminate\Container\Container->resolveDependencies()
> #9 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\Container\Container->build()
> #10 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\Container\Container->resolve()
> #11 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\Foundation\Application->resolve()
> #12 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\Container\Container->make()
> #13 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(172): Illuminate\Foundation\Application->make()
> #14 /app/www/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
> #15 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\ApplyCspRules->handle()
> #16 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
> #17 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(805): Illuminate\Pipeline\Pipeline->then()
> #18 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(784): Illuminate\Routing\Router->runRouteWithinStack()
> #19 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(748): Illuminate\Routing\Router->runRoute()
> #20 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(737): Illuminate\Routing\Router->dispatchToRoute()
> #21 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(200): Illuminate\Routing\Router->dispatch()
> #22 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
> #23 /app/www/app/Http/Middleware/PreventResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
> #24 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\PreventResponseCaching->handle()
> #25 /app/www/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
> #26 /app/www/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle()
> #27 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\TrustProxies->handle()
> #28 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
> #29 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
> #30 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\TrimStrings->handle()
> #31 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
> #32 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
> #33 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(99): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
> #34 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
> #35 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
> #36 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(175): Illuminate\Pipeline\Pipeline->then()
> #37 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(144): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
> #38 /app/www/public/index.php(52): Illuminate\Foundation\Http\Kernel->handle()
> #39 {main}

Hosting Environment

I am simply trying to host bookstack via Docker with docker compose. Host OS is Ubuntu 24.04.

Originally created by @chaospheremk on GitHub (Oct 25, 2024). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario The problem is that after a fresh install/setup of bookstack, I go to the bookstack URL I configured and see a header of "An Error Occurred" with the content under it showing "An unknown error occurred"  This is a fresh install of bookstack via docker-compose. I'm using mariadb as the mysql database. I did use the recommendation in the documentation to generate the APP_KEY with the following command `docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey` This generates a 44 character APP_KEY. However, online documentation seems to indicate that it should be a 32 character key? I'm not entirely sure. Other documentation suggests using `php artisan key:generate` and `php artisan migrate` but that appears to be for a manual install. I'm not sure how I would or could accomplish the same thing when installing via docker compose. ### Exact BookStack Version v24.10-ls170 ### Log Content With APP_DEBUG not set to true: <details><summary>Details</summary> <p> ``` > [2024-10-25 15:02:24] production.ERROR: Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. {"exception":"[object] (RuntimeException(code: 0): Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. at /app/www/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:55) > [stacktrace] > #0 /app/www/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\\Encryption\\Encrypter->__construct() > #1 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(908): Illuminate\\Encryption\\EncryptionServiceProvider->Illuminate\\Encryption\\{closure}() > #2 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\\Container\\Container->build() > #3 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\\Container\\Container->resolve() > #4 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\\Foundation\\Application->resolve() > #5 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\\Container\\Container->make() > #6 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(1066): Illuminate\\Foundation\\Application->make() > #7 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(982): Illuminate\\Container\\Container->resolveClass() > #8 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(943): Illuminate\\Container\\Container->resolveDependencies() > #9 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\\Container\\Container->build() > #10 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\\Container\\Container->resolve() > #11 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\\Foundation\\Application->resolve() > #12 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\\Container\\Container->make() > #13 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(255): Illuminate\\Foundation\\Application->make() > #14 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(213): Illuminate\\Foundation\\Http\\Kernel->terminateMiddleware() > #15 /app/www/public/index.php(56): Illuminate\\Foundation\\Http\\Kernel->terminate() > #16 {main} ``` </p> </details> With APP_DEBUG set to true, I can go to the bookstack ip and see the following: Error RuntimeException Unsupported cipher or incorrect key length. Supported ciphers are: aes-128-cbc, aes-256-cbc, aes-128-gcm, aes-256-gcm. Environment PHP Version: 8.3.12 BookStack Version: v24.10 Stack Trace <details><summary>Details</summary> <p> ``` > #0 /app/www/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\Encryption\Encrypter->__construct() > #1 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(908): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}() > #2 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\Container\Container->build() > #3 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\Container\Container->resolve() > #4 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\Foundation\Application->resolve() > #5 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\Container\Container->make() > #6 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(1066): Illuminate\Foundation\Application->make() > #7 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(982): Illuminate\Container\Container->resolveClass() > #8 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(943): Illuminate\Container\Container->resolveDependencies() > #9 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(795): Illuminate\Container\Container->build() > #10 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(961): Illuminate\Container\Container->resolve() > #11 /app/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(731): Illuminate\Foundation\Application->resolve() > #12 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(946): Illuminate\Container\Container->make() > #13 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(172): Illuminate\Foundation\Application->make() > #14 /app/www/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() > #15 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\ApplyCspRules->handle() > #16 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() > #17 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(805): Illuminate\Pipeline\Pipeline->then() > #18 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(784): Illuminate\Routing\Router->runRouteWithinStack() > #19 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(748): Illuminate\Routing\Router->runRoute() > #20 /app/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(737): Illuminate\Routing\Router->dispatchToRoute() > #21 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(200): Illuminate\Routing\Router->dispatch() > #22 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}() > #23 /app/www/app/Http/Middleware/PreventResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() > #24 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\PreventResponseCaching->handle() > #25 /app/www/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() > #26 /app/www/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle() > #27 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): BookStack\Http\Middleware\TrustProxies->handle() > #28 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() > #29 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle() > #30 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\TrimStrings->handle() > #31 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() > #32 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle() > #33 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(99): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() > #34 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle() > #35 /app/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}() > #36 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(175): Illuminate\Pipeline\Pipeline->then() > #37 /app/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(144): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter() > #38 /app/www/public/index.php(52): Illuminate\Foundation\Http\Kernel->handle() > #39 {main} ``` </p> </details> ### Hosting Environment I am simply trying to host bookstack via Docker with docker compose. Host OS is Ubuntu 24.04.

OVERLORD added the 🐕 Support label 2026-02-05 09:34:46 +03:00

OVERLORD closed this issue 2026-02-05 09:34:47 +03:00

OVERLORD commented 2026-02-05 09:34:49 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Oct 25, 2024):

Whatever is generated via that appkey command should be fine, since it's just running the key:generate command we suggest anyway: 1eb8aa7e86/root/appkey

@ssddanbrown commented on GitHub (Oct 25, 2024): Whatever is generated via that appkey command should be fine, since it's just running the `key:generate` command we suggest anyway: https://github.com/linuxserver/docker-bookstack/blob/1eb8aa7e866a2d2d0303a393c23e381b340a4f9c/root/appkey

OVERLORD commented 2026-02-05 09:34:50 +03:00

Author

Owner

Copy Link

@chaospheremk commented on GitHub (Oct 25, 2024):

@ssddanbrown Well, as an update... just for kicks I generated my own 32 character key, plugged it in, and now bookstack is working. So it appears that what was generated by the appkey command is unfortunately not fine. What it generates is too long for bookstack to be able to use.

There might be a problem with the key:generate command and the default number of characters? It appears 44 characters is too long of a key for a default installation. Or am I missing something?

Second, is there any issue with me generating my own key? I didn't use key:generate and just used a powershell function I personally created to generate a random password at variable lengths.

@chaospheremk commented on GitHub (Oct 25, 2024): @ssddanbrown Well, as an update... just for kicks I generated my own 32 character key, plugged it in, and now bookstack is working. So it appears that what was generated by the appkey command is unfortunately not fine. What it generates is too long for bookstack to be able to use. There might be a problem with the key:generate command and the default number of characters? It appears 44 characters is too long of a key for a default installation. Or am I missing something? Second, is there any issue with me generating my own key? I didn't use key:generate and just used a powershell function I personally created to generate a random password at variable lengths.

OVERLORD commented 2026-02-05 09:34:53 +03:00

Author

Owner

Copy Link

@cgaskins-tx commented on GitHub (Oct 27, 2024):

I am running in to the exact same problem with Ubuntu 24.04 as the docker host + MariaDB.

production.ERROR: Unsupported cipher or incorrect key length.

I generated my key using the documented command:
docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey

Which generates a key but causes the error above at runtime.

I tried generating my own key as follows and I still get the same error.
openssl rand -base64 32

@chaospheremk - How did you generate your own key?

@cgaskins-tx commented on GitHub (Oct 27, 2024): I am running in to the exact same problem with Ubuntu 24.04 as the docker host + MariaDB. `production.ERROR: Unsupported cipher or incorrect key length.` I generated my key using the documented command: `docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey` Which generates a key but causes the error above at runtime. I tried generating my own key as follows and I still get the same error. `openssl rand -base64 32` @chaospheremk - How did you generate your own key?

OVERLORD commented 2026-02-05 09:34:56 +03:00

Author

Owner

Copy Link

@cgaskins-tx commented on GitHub (Oct 27, 2024):

Well never mind... I was generating a key to long - duh...

Tried again with the following:
openssl rand -base64 24

It worked perfectly. I am up and running now. :-)

@cgaskins-tx commented on GitHub (Oct 27, 2024): Well never mind... I was generating a key to long - duh... Tried again with the following: `openssl rand -base64 24` It worked perfectly. I am up and running now. :-)

OVERLORD commented 2026-02-05 09:34:57 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Oct 28, 2024):

@chaospheremk @cgaskins-tx When you were using the appkey command were you just taking the text after the base64: in the output string? If so, that could be the issue, that should be part of the value:

APP_KEY="base64:gJJbTsv2CTPeHrCOmu0crY65zypNC747jgMHvYEUlto="

The desired value is 32 bytes, which is what that command provides, but it is represented base64 encoded which results in a longer string.

Second, is there any issue with me generating my own key?

Don't think any major issue, might just be less secure (using a narrower range of bytes within the key).

@ssddanbrown commented on GitHub (Oct 28, 2024): @chaospheremk @cgaskins-tx When you were using the `appkey` command were you just taking the text after the `base64:` in the output string? If so, that could be the issue, that should be part of the value: ```bash APP_KEY="base64:gJJbTsv2CTPeHrCOmu0crY65zypNC747jgMHvYEUlto=" ``` The desired value is 32 bytes, which is what that command provides, but it is represented base64 encoded which results in a longer string. > Second, is there any issue with me generating my own key? Don't think any major issue, might just be less secure (using a narrower range of bytes within the key).

OVERLORD commented 2026-02-05 09:34:59 +03:00

Author

Owner

Copy Link

@cgaskins-tx commented on GitHub (Oct 28, 2024):

@chaospheremk @cgaskins-tx When you were using the appkey command were you just taking the text after the base64: in the output string? If so, that could be the issue, that should be part of the value:

APP_KEY="base64:gJJbTsv2CTPeHrCOmu0crY65zypNC747jgMHvYEUlto="

The desired value is 32 bytes, which is what that command provides, but it is represented base64 encoded which results in a longer string.

Second, is there any issue with me generating my own key?

Don't think any major issue, might just be less secure (using a narrower range of bytes within the key).

Yes sir. I did NOT include the "base64:" so that was probably the issue. I apologize for the mistake.

@cgaskins-tx commented on GitHub (Oct 28, 2024): > @chaospheremk @cgaskins-tx When you were using the `appkey` command were you just taking the text after the `base64:` in the output string? If so, that could be the issue, that should be part of the value: > > ```shell > APP_KEY="base64:gJJbTsv2CTPeHrCOmu0crY65zypNC747jgMHvYEUlto=" > ``` > > The desired value is 32 bytes, which is what that command provides, but it is represented base64 encoded which results in a longer string. > > > Second, is there any issue with me generating my own key? > > Don't think any major issue, might just be less secure (using a narrower range of bytes within the key). Yes sir. I did NOT include the "base64:" so that was probably the issue. I apologize for the mistake.

OVERLORD commented 2026-02-05 09:35:01 +03:00

Author

Owner

Copy Link

@chaospheremk commented on GitHub (Nov 4, 2024):

I am running in to the exact same problem with Ubuntu 24.04 as the docker host + MariaDB.

production.ERROR: Unsupported cipher or incorrect key length.

I generated my key using the documented command: docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey

Which generates a key but causes the error above at runtime.

I tried generating my own key as follows and I still get the same error. openssl rand -base64 32

@chaospheremk - How did you generate your own key?

I generated it with a custom powershell function I created for randomly generating passwords

function New-ComplexPassword {

    [CmdletBinding()]
    param ( [int]$Length = 16 )

    Begin {

        $upperCase = [char[]]"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        $lowerCase = [char[]]"abcdefghijklmnopqrstuvwxyz"
        $digits = [char[]]"0123456789"
        $specialChars = [char[]]"!@#$%^&*()-_=+[]{}|;:,.<>?/"

        # Combine all character sets
        [char[]]$allChars = $upperCase + $lowerCase + $digits + $specialChars
    }

    Process {

        $passwordList = [System.Collections.Generic.List[PSObject]]::new()
        $passwordList.Add(($upperCase | Get-SecureRandom))
        $passwordList.Add(($lowerCase | Get-SecureRandom))
        $passwordList.Add(($digits | Get-SecureRandom))
        $passwordList.Add(($specialChars | Get-SecureRandom))

        # Generate the remaining characters randomly
        for ($i = $passwordList.count; $i -lt $Length; $i++) { $passwordList.Add(($allChars | Get-SecureRandom)) }

        # Convert the password array to a string and return
        [string]$passwordString = ($passwordList | Get-SecureRandom -Shuffle) -join ''

        $passwordString
    }
}

I took the output from the above function New-ComplexPassword -Length 32 and just plugged it in. It worked fine. After reading the above conversation it's possible I did not include base64: in my value as well.

@chaospheremk commented on GitHub (Nov 4, 2024): > I am running in to the exact same problem with Ubuntu 24.04 as the docker host + MariaDB. > > `production.ERROR: Unsupported cipher or incorrect key length.` > > I generated my key using the documented command: `docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey` > > Which generates a key but causes the error above at runtime. > > I tried generating my own key as follows and I still get the same error. `openssl rand -base64 32` > > @chaospheremk - How did you generate your own key? I generated it with a custom powershell function I created for randomly generating passwords ``` function New-ComplexPassword { [CmdletBinding()] param ( [int]$Length = 16 ) Begin { $upperCase = [char[]]"ABCDEFGHIJKLMNOPQRSTUVWXYZ" $lowerCase = [char[]]"abcdefghijklmnopqrstuvwxyz" $digits = [char[]]"0123456789" $specialChars = [char[]]"!@#$%^&*()-_=+[]{}|;:,.<>?/" # Combine all character sets [char[]]$allChars = $upperCase + $lowerCase + $digits + $specialChars } Process { $passwordList = [System.Collections.Generic.List[PSObject]]::new() $passwordList.Add(($upperCase | Get-SecureRandom)) $passwordList.Add(($lowerCase | Get-SecureRandom)) $passwordList.Add(($digits | Get-SecureRandom)) $passwordList.Add(($specialChars | Get-SecureRandom)) # Generate the remaining characters randomly for ($i = $passwordList.count; $i -lt $Length; $i++) { $passwordList.Add(($allChars | Get-SecureRandom)) } # Convert the password array to a string and return [string]$passwordString = ($passwordList | Get-SecureRandom -Shuffle) -join '' $passwordString } } ``` I took the output from the above function `New-ComplexPassword -Length 32` and just plugged it in. It worked fine. After reading the above conversation it's possible I did not include `base64:` in my value as well.

OVERLORD commented 2026-02-05 09:35:03 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Nov 4, 2024):

Okay, thanks for confirming.
I'll therefore close this off but if this continues to occur I'll look to collaborate with the linuxserver team to improve their guidance around this.

@ssddanbrown commented on GitHub (Nov 4, 2024): Okay, thanks for confirming. I'll therefore close this off but if this continues to occur I'll look to collaborate with the linuxserver team to improve their guidance around this.

OVERLORD commented 2026-02-05 09:35:05 +03:00

Author

Owner

Copy Link

@tenebrisnox commented on GitHub (Jan 12, 2025):

Just to belatedly add that this issue dogged me with a fresh install until I tried @cgaskins-tx's solution. Worked. Thank you.

@tenebrisnox commented on GitHub (Jan 12, 2025): Just to belatedly add that this issue dogged me with a fresh install until I tried @cgaskins-tx's solution. Worked. Thank you.

OVERLORD commented 2026-02-05 09:35:08 +03:00

Author

Owner

Copy Link

@pfeyz commented on GitHub (Dec 7, 2025):

this just bit me and it to took me hours to realize what the cause was.

the appkey command is generating an appkey string in color, so if you redirect stdout from that command to somewhere it will have extra control code bytes at the start and end of the string

$ docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey > app_key
$ xxd app_key 
00000000: 1b5b 3333 6d62 6173 6536 343a 5344 6d4c  .[33mbase64:SDmL
00000010: 7274 4654 5734 6779 4948 6a30 4954 474b  rtFTW4gyIHj0ITGK
00000020: 6a46 764a 374d 7842 5255 7971 7a68 4c4d  jFvJ7MxBRUyqzhLM
00000030: 4e66 6d53 4e4d 593d 1b5b 3339 6d0d 0a    NfmSNMY=.[39m..

@pfeyz commented on GitHub (Dec 7, 2025): this just bit me and it to took me hours to realize what the cause was. the `appkey` command is generating an appkey string in color, so if you redirect stdout from that command to somewhere it will have extra control code bytes at the start and end of the string ``` $ docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey > app_key $ xxd app_key 00000000: 1b5b 3333 6d62 6173 6536 343a 5344 6d4c .[33mbase64:SDmL 00000010: 7274 4654 5734 6779 4948 6a30 4954 474b rtFTW4gyIHj0ITGK 00000020: 6a46 764a 374d 7842 5255 7971 7a68 4c4d jFvJ7MxBRUyqzhLM 00000030: 4e66 6d53 4e4d 593d 1b5b 3339 6d0d 0a NfmSNMY=.[39m.. ```

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

v25-12

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#5026