Problem
During the installation of Terraform Enterprise (TFE) in Docker, the container stops, and a similar error appears in the docker compose logs --follow
output:
"Error reading Vault configuration: failed decrypting unseal key: could not decrypt ciphertext: chacha20poly1305: message authentication failed"
[ERROR] terraform-enterprise: check failed: name=database duration=1m30.008561657s err=\"timeout: context deadline exceeded\""}
Cause
A dollar sign ($
) used in the Docker Compose file to configure a password is causing this issue. Docker Compose interprets $VAR
or ${VAR}
as an environment variable, leading to unintended interpolation.
Example:
version: '3.8'
services:
my_service:
image: my_image
environment:
- PASSWORD=$mypassword
To confirm if this is the cause, run docker inspect terraform-enterprise-tfe-1
(with the container in a running state) and check values for TFE_ENCRYPTION_PASSWORD
, TFE_DATABASE_PASSWORD
, TFE_REDIS_PASSWORD
, etc.
Solution
Option 1: Use Double Dollar Signs
When a dollar sign is needed in passwords, use a double dollar sign ($$
) in the Docker Compose file. This prevents Docker Compose from treating it as a variable.
Example:
version: '3.8'
services:
my_service:
image: my_image
environment:
- PASSWORD=$$mypassword
Option 2: Use Single Quotes
Single quotes around variables prevent interpolation, treating $
characters literally.
Example:
version: '3.8'
services:
my_service:
image: my_image
environment:
- PASSWORD='$mypassword'