Problem
During the installation of Terraform Enterprise (TFE) in Docker, the container stops, and a similar error appears in the docker compose logs --follow output:
"Error reading Vault configuration: failed decrypting unseal key: could not decrypt ciphertext: chacha20poly1305: message authentication failed"
[ERROR] terraform-enterprise: check failed: name=database duration=1m30.008561657s err=\"timeout: context deadline exceeded\""}
Cause
A dollar sign ($) used in the Docker Compose file to configure a password is causing this issue. Docker Compose interprets $VAR or ${VAR} as an environment variable, leading to unintended interpolation.
Example:
version: '3.8'
services:
my_service:
image: my_image
environment:
- PASSWORD=$mypassword
To confirm if this is the cause, run docker inspect terraform-enterprise-tfe-1 (with the container in a running state) and check values for TFE_ENCRYPTION_PASSWORD, TFE_DATABASE_PASSWORD, TFE_REDIS_PASSWORD, etc.
Solution
Option 1: Use Double Dollar Signs
When a dollar sign is needed in passwords, use a double dollar sign ($$) in the Docker Compose file. This prevents Docker Compose from treating it as a variable.
Example:
version: '3.8'
services:
my_service:
image: my_image
environment:
- PASSWORD=$$mypassword
Option 2: Use Single Quotes
Single quotes around variables prevent interpolation, treating $ characters literally.
Example:
version: '3.8'
services:
my_service:
image: my_image
environment:
- PASSWORD='$mypassword'