graphql-engine: Hasura console fails to launch when using --insecure-skip-tls-verify

I get the error “Invalid admin-secret passed from CLI” when trying to use the console UI with the --insecure-skip-tls-verify flag.

The other cli commands run just fine (e.g. migrate apply) but I cannot access the console UI.

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 1
Comments: 19 (7 by maintainers)

Most upvoted comments

Try removing (or adjusting) the HASURA_GRAPHQL_CORS_DOMAIN env var. I ran into this problem a few moments ago, after playing a bit with the environment variables I found that I had a strict CORS policy. That’s what worked for me anyways.

sergiogcx on Apr 5, 2021

Yep, this is exactly what happens to me as well.

pradyuman on Jul 15, 2020

@scriptonist I get the same as you on the cmd, but then when I go to http://localhost:9695/ in a browser I get this, which sounds like the same thing as @pradyuman

ste824 on Jul 10, 2020

… and it’s back! No idea what changed. Everything about my environment is the same, running all the same commands the same as I did during office hours…

EDIT: did a bit more poking around… I have two machines: laptop and a remote machine called doodoo. I’m attempting to run hasura console on doodoo, and then connect to it from laptop. One thing that I’ve noticed is that the --endpoint must be accessible from laptop. So

hasura console --address=0.0.0.0 --endpoint=http://localhost:8080/

gives me an error when I try to access http://doodoo:9695/console/login: “Hasura console is not able to reach your Hasura GraphQL engine instance. Please ensure that your instance is running and the endpoint is configured correctly.” as well as “Invalid admin-secret passed from CLI”

But

hasura console --address=0.0.0.0 --endpoint=http://doodoo:8080/

only gives me the “Invalid admin-secret passed from CLI” error.

Also, I can be certain that my secret is valid since if I intentionally pass in an incorrect secret via --admin-secret I get a different error altogether:

[nix-shell:~/dev/cuddlefish/hasura]$ hasura console --address=0.0.0.0 --endpoint=http://doodoo:8080/ --admin-secret=incorrect
FATA[0000] {
  "path": "$",
  "error": "invalid x-hasura-admin-secret/x-hasura-access-key",
  "code": "access-denied"
}

EDIT EDIT: I think I figured out why it worked in office hours but not otherwise… I believe the difference is that I was accidentally running two hasura instances one on the doodoo and one on laptop. I’m still not able to come up with a 100% reliable reproduction however.

samuela on Nov 10, 2021

For us we had HASURA_GRAPHQL_DISABLE_CORS: 'true' which broke the cli console - removing that when we need to use the console fixed the issue for us.

marbemac on Jul 29, 2021

Same problem here. This is only happening on v2. Have tried many variations. Any ideas?

brancusi on Apr 6, 2021

for me it doesn’t even work if I provide the admin secret with --admin-secret

my version is:

bash-5.0# hasura version
INFO hasura cli                                    version=v1.3.3
INFO hasura graphql engine                         endpoint="http://hasura:8080" version=v1.3.3

rlanyi on Feb 7, 2021

Same problem here. All commands except hasura console work fine with the provided admin secret in config.yaml file.

pkong-ds on Dec 16, 2020

same problem here. what could be the problem?

divramod on Jul 28, 2020

Same here all other CLI things work fine only console fails with invalid password no matter what I try.

galipmedia on Jul 27, 2020